Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0207 | 2 Ovirt, Redhat | 5 Vdsm, Enterprise Linux, Virtualization and 2 more | 2023-12-10 | N/A | 4.7 MEDIUM |
| A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. | |||||
| CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | |||||
| CVE-2019-3831 | 2 Ovirt, Redhat | 2 Vdsm, Gluster Storage | 2023-12-10 | 9.0 HIGH | 6.7 MEDIUM |
| A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. | |||||
| CVE-2018-10908 | 2 Ovirt, Redhat | 2 Vdsm, Virtualization | 2023-12-10 | 7.1 HIGH | 6.3 MEDIUM |
| It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host. | |||||