RSS   Podatności dla 'VDSM'   RSS

2019-11-25
 
CVE-2012-5518

CWE-295
 

 
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)

 
2019-03-25
 
CVE-2019-3831

CWE-77
 

 
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.

 
2018-08-09
 
CVE-2018-10908

CWE-770
 

 
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.

 

 >>> Vendor: Ovirt 10 Produkty
Ovirt
Ovirt-engine-cli
Sanlock
Ovirt-node
Ovirt-hosted-engine-setup
VDSM
Cockpit-ovirt
Ovirt-engine
MOM
NODE


Copyright 2024, cxsecurity.com

 

Back to Top