Redhat » Enterprise Virtualization : Security Vulnerabilities, CVEs, Published In 2013
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Max CVSS
5.0
EPSS Score
7.21%
Published
2013-11-02
Updated
2023-02-13
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.
Max CVSS
2.7
EPSS Score
0.05%
Published
2013-08-19
Updated
2023-02-13
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-09-16
Updated
2023-02-13
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.
Max CVSS
7.2
EPSS Score
0.04%
Published
2013-08-28
Updated
2013-08-29
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
Max CVSS
10.0
EPSS Score
0.67%
Published
2013-01-31
Updated
2024-02-15
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."
Max CVSS
2.7
EPSS Score
0.05%
Published
2013-08-19
Updated
2013-08-20
6 vulnerabilities found