Vulnerabilities related to redhat - enterprise_virtualization_hypervisor
Vulnerability from fkie_nvd
Published
2020-02-25 21:15
Modified
2024-11-21 02:32
Summary
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2015-5201 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1253882 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1273144 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://rhn.redhat.com/errata/RHEA-2015-2527.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2015-5201 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1253882 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1273144 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHEA-2015-2527.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_virtualization | * | |
redhat | enterprise_virtualization_hypervisor | * | |
redhat | enterprise_virtualization_hypervisor | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization:*:*:*:*:*:*:*:*", matchCriteriaId: "E448B3E1-42A5-48E3-9F6E-A5C4FAC7C3C2", versionEndExcluding: "3.5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "DE31D534-0B91-48EA-BEFB-4C23BB7FA348", versionEndExcluding: "6-6.7-20151117.0", versionStartIncluding: "6-6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "EDAA94DE-A71F-4FFA-8DE8-453B249D3F19", versionEndExcluding: "7-7.2-20151119.0", versionStartIncluding: "7-7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.", }, { lang: "es", value: "VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (también se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119.0 y versiones 6-6.x anteriores a 6-6.7-20151117.0, como es paquetizado en Red Hat Enterprise Virtualization versiones anteriores a 3.5.6, cuando VSDM se ejecuta con -spice disable-ticketing y una VM es suspendida y luego restaurada, permite a atacantes remotos iniciar sesión sin autenticación por medio de vectores no especificados.", }, ], id: "CVE-2015-5201", lastModified: "2024-11-21T02:32:32.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", 
vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-25T21:15:10.750", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2015-5201", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHEA-2015-2527.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2015-5201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHEA-2015-2527.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ 
{ description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-22 17:15
Modified
2024-11-21 01:35
Summary
PyXML: Hash table collisions CPU usage Denial of Service
Impacted products
Vendor | Product | Version | |
---|---|---|---|
python | pyxml | - | |
redhat | enterprise_virtualization_hypervisor | - | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:pyxml:-:*:*:*:*:*:*:*", matchCriteriaId: "8E34FD25-95B9-46CE-AED2-CFA11A32FBE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:-:*:*:*:*:*:*:*", matchCriteriaId: "DD63A69A-F4D6-4D5B-9D10-D92536A65CC5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PyXML: Hash table collisions CPU usage Denial of Service", }, { lang: "es", value: "PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio", }, ], id: "CVE-2012-0877", lastModified: "2024-11-21T01:35:53.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, 
], }, published: "2019-11-22T17:15:11.553", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/96", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2012-0877", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-0877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/96", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2012-0877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-0877", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-12-27 01:55
Modified
2024-11-21 01:12
Summary
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_virtualization_hypervisor | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "DB490059-0C5C-42FD-8A99-61AD032218B3", versionEndIncluding: "5.4-2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.", }, { lang: "es", value: "libspice, como es utilizada en QUEMU-KVM en Red Hat Enterprise Virtualization Hypervisor (también conocido como RHEV-H o rhev-hypervisor) anteriores a 5.5-2.2 y posiblemente otros productos, permite a usuarios de SO invitados leer o escribir de memoria QEMU arbitraria modificando la dirección que es utilizada por Cairo para mapeados de memoria.", }, ], id: "CVE-2010-0430", lastModified: "2024-11-21T01:12:12.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 7.4, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-12-27T01:55:04.957", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2010-0271.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=568702", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2010-0271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=568702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-08-31 23:55
Modified
2024-11-21 01:26
Summary
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | 2.6.18 | |
redhat | enterprise_linux | 5 | |
redhat | enterprise_virtualization_hypervisor | * | |
redhat | enterprise_linux | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", matchCriteriaId: "C06F0037-DE20-4B4A-977F-BFCFAB026517", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", matchCriteriaId: "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "2DABB910-46D1-4DBB-B024-926714046296", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.", }, { lang: "es", value: "Vulnerabilidad en la implementación de Generic Receive Offload (GRO) en el kernel de Linux versión 2.6.18 en Red Hat Enterprise Linux versiones 5 y 2.6.32 en Red Hat Enterprise Linux versión 6, tal y como se utiliza en el Hypervisor Red Hat Enterprise Virtualization (RHEV) y otros productos, permite a los atacantes remotos generar un denegación de servicio mediante paquetes VLAN creados que son procesados por la función napi_reuse_skb, lo que conduce a (1) una fuga de memoria o (2) daños en la memoria, una vulnerabilidad diferente a CVE-2011-1478.", }, ], id: "CVE-2011-1576", lastModified: "2024-11-21T01:26:38.207", metrics: { 
cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 5.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-08-31T23:55:01.737", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2011-0927.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1090.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1106.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/48907", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1025853", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=695173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2011-0927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1090.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1106.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1025853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=695173", }, ], sourceIdentifier: 
"secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-06-24 17:30
Modified
2024-11-21 01:16
Summary
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_virtualization_hypervisor | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "DB490059-0C5C-42FD-8A99-61AD032218B3", versionEndIncluding: "5.4-2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.", }, { lang: "es", value: "Virtual Desktop Server Manager (VDSM) en Red Hat Enterprise Virtualization Hypervisor (conocido como RHEV-H or rhev-hypervisor) anterior v5.5-2.2 no actúa adecuadamente después del borrado de los datos de una máquina virtual, lo que permite a usuarios invitados obtener información sensible por examinación de bloques de discos asociados con una máquina virtual borrada. 
\r\n", }, ], id: "CVE-2010-2223", lastModified: "2024-11-21T01:16:11.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-06-24T17:30:00.937", references: [ { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1024137", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/41044", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=604752", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0473.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1024137", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/41044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=604752", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0473.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2012-0877
Vulnerability from cvelistv5
Published
2019-11-22 16:15
Modified
2024-08-06 18:38
Summary
PyXML: Hash table collisions CPU usage Denial of Service
References
URL | Tags | |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-0877 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-0877 | x_refsource_MISC | |
http://seclists.org/oss-sec/2014/q3/96 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2014/07/08/11 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:14.994Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-0877", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2012-0877", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/96", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "PyXML", vendor: "PyXML", versions: [ { status: "affected", version: "through 2012-02-03", }, ], }, ], descriptions: [ { lang: "en", value: "PyXML: Hash table collisions CPU usage Denial of Service", }, ], problemTypes: [ { descriptions: [ { description: "table collisions CPU usage DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-22T16:15:26", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-0877", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2012-0877", }, { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2014/q3/96", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2014/07/08/11", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0877", datePublished: "2019-11-22T16:15:26", dateReserved: "2012-01-19T00:00:00", dateUpdated: 
"2024-08-06T18:38:14.994Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1576
Vulnerability from cvelistv5
Published
2011-08-31 23:00
Modified
2024-08-06 22:28
Summary
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/48907 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2011-1106.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2011-0927.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=695173 | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2011-1090.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id?1025853 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:28:41.877Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "48907", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48907", }, { name: "RHSA-2011:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1106.html", }, { name: "RHSA-2011:0927", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2011-0927.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=695173", }, { name: "RHSA-2011:1090", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1090.html", }, { name: "1025853", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1025853", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-27T00:00:00", descriptions: [ { lang: "en", value: "The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-07T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "48907", tags: [ "vdb-entry", 
"x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48907", }, { name: "RHSA-2011:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1106.html", }, { name: "RHSA-2011:0927", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2011-0927.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=695173", }, { name: "RHSA-2011:1090", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1090.html", }, { name: "1025853", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1025853", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-1576", datePublished: "2011-08-31T23:00:00", dateReserved: "2011-04-05T00:00:00", dateUpdated: "2024-08-06T22:28:41.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5201
Vulnerability from cvelistv5
Published
2020-02-25 20:16
Modified
2024-08-06 06:41
Summary
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1253882 | x_refsource_MISC | |
https://rhn.redhat.com/errata/RHEA-2015-2527.html | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1273144 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2015-5201 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
RedHat | Enterprise Virtualization Hypervisor (aka RHEV-H) | 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:08.567Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHEA-2015-2527.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2015-5201", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Enterprise Virtualization Hypervisor (aka RHEV-H)", vendor: "RedHat", versions: [ { status: "affected", version: "7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0", }, ], }, ], datePublic: "2015-08-14T00:00:00", descriptions: [ { lang: "en", value: "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Weak Authentication", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-25T20:16:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", }, { tags: [ "x_refsource_MISC", ], url: "https://rhn.redhat.com/errata/RHEA-2015-2527.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/cve/cve-2015-5201", }, ], }, }, cveMetadata: 
{ assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5201", datePublished: "2020-02-25T20:16:02", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:08.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0430
Vulnerability from cvelistv5
Published
2013-12-27 01:00
Modified
2024-08-07 00:45
Summary
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
References
URL | Tags
---|---
https://rhn.redhat.com/errata/RHSA-2010-0476.html | vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=568702 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2010-0271.html | vendor-advisory, x_refsource_REDHAT
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:45:12.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2010:0476", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=568702", }, { name: "RHSA-2010:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2010-0271.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-06-30T00:00:00", descriptions: [ { lang: "en", value: "libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-12-27T00:57:03", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2010:0476", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=568702", }, { name: "RHSA-2010:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2010-0271.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-0430", datePublished: "2013-12-27T01:00:00", dateReserved: "2010-01-27T00:00:00", dateUpdated: "2024-08-07T00:45:12.246Z", state: "PUBLISHED", 
}, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-2223
Vulnerability from cvelistv5
Published
2010-06-24 17:00
Modified
2024-08-07 02:25
Summary
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
References
URL | Tags
---|---
https://rhn.redhat.com/errata/RHSA-2010-0476.html | vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=604752 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/41044 | vdb-entry, x_refsource_BID
https://rhn.redhat.com/errata/RHSA-2010-0473.html | vendor-advisory, x_refsource_REDHAT
http://securitytracker.com/id?1024137 | vdb-entry, x_refsource_SECTRACK
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:25:07.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2010:0476", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=604752", }, { name: "41044", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/41044", }, { name: "RHSA-2010:0473", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0473.html", }, { name: "1024137", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1024137", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-06-24T17:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2010:0476", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0476.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=604752", }, { name: "41044", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/41044", }, { 
name: "RHSA-2010:0473", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHSA-2010-0473.html", }, { name: "1024137", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1024137", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-2223", datePublished: "2010-06-24T17:00:00Z", dateReserved: "2010-06-09T00:00:00Z", dateUpdated: "2024-08-07T02:25:07.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }