The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of oVirt

computer vulnerability announce CVE-2019-3879

oVirt: denial of service via REST API RemoveDiskCommand

Synthesis of the vulnerability

An attacker can trigger a fatal error via REST API RemoveDiskCommand of oVirt, in order to trigger a denial of service.
Impacted products: oVirt.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 26/03/2019.
Identifiers: CVE-2019-3879, RHBUG-1684978, VIGILANCE-VUL-28857.

Description of the vulnerability

An attacker can trigger a fatal error via REST API RemoveDiskCommand of oVirt, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1072

oVirt: information disclosure via /var/log/ovirt-engine

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via /var/log/ovirt-engine of oVirt, in order to obtain sensitive information.
Impacted products: oVirt.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 27/06/2018.
Identifiers: 1540622, CVE-2018-1072, VIGILANCE-VUL-26553.

Description of the vulnerability

An attacker can bypass access restrictions to data via /var/log/ovirt-engine of oVirt, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-3639

Processors: information disclosure via Speculative Store

Synthesis of the vulnerability

A local attacker can read a memory fragment via Speculative Store of some processors, in order to obtain sensitive information.
Impacted products: Mac OS X, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, HP ProLiant, AIX, IBM i, QRadar SIEM, Junos Space, Linux, Windows (platform) ~ not comprehensive, MiVoice 5000, openSUSE Leap, Solaris, oVirt, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 22/05/2018.
Identifiers: 1528, 18-0006, 525441, ADV180012, CERTFR-2018-AVI-248, CERTFR-2018-AVI-250, CERTFR-2018-AVI-256, CERTFR-2018-AVI-258, CERTFR-2018-AVI-259, CERTFR-2018-AVI-280, CERTFR-2018-AVI-306, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-346, CERTFR-2018-AVI-357, CERTFR-2018-AVI-386, CERTFR-2018-AVI-429, CERTFR-2019-AVI-036, CERTFR-2019-AVI-052, cisco-sa-20180521-cpusidechannel, cpujan2019, CTX235225, CVE-2018-3639, DLA-1423-1, DLA-1424-1, DLA-1434-1, DLA-1446-1, DLA-1506-1, DLA-1529-1, DLA-1731-1, DLA-1731-2, DSA-2018-175, DSA-2019-030, DSA-4210-1, DSA-4273-1, DSA-4273-2, FEDORA-2018-5521156807, FEDORA-2018-6367a17aa3, FEDORA-2018-aec846c0ef, FEDORA-2018-db0d3e157e, FG-IR-18-002, HPESBHF03850, HT209139, HT209193, ibm10796076, JSA10917, K29146534, K54252492, N1022433, nas8N1022433, openSUSE-SU-2018:1380-1, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:1420-1, openSUSE-SU-2018:1487-1, openSUSE-SU-2018:1621-1, openSUSE-SU-2018:1623-1, openSUSE-SU-2018:1628-1, openSUSE-SU-2018:1773-1, openSUSE-SU-2018:1904-1, openSUSE-SU-2018:2306-1, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2402-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2018:3709-1, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:1438-1, openSUSE-SU-2019:1439-1, RHSA-2018:1629-01, RHSA-2018:1630-01, RHSA-2018:1632-01, RHSA-2018:1633-01, RHSA-2018:1635-01, RHSA-2018:1636-01, RHSA-2018:1637-01, RHSA-2018:1638-01, RHSA-2018:1639-01, RHSA-2018:1640-01, RHSA-2018:1641-01, RHSA-2018:1642-01, RHSA-2018:1647-01, RHSA-2018:1648-01, RHSA-2018:1649-01, RHSA-2018:1650-01, RHSA-2018:1651-01, RHSA-2018:1652-01, RHSA-2018:1653-01, RHSA-2018:1656-01, RHSA-2018:1657-01, RHSA-2018:1658-01, RHSA-2018:1659-01, RHSA-2018:1660-01, RHSA-2018:1661-01, RHSA-2018:1662-01, RHSA-2018:1663-01, RHSA-2018:1664-01, RHSA-2018:1665-01, RHSA-2018:1666-01, RHSA-2018:1667-01, RHSA-2018:1668-01, RHSA-2018:1669-01, RHSA-2018:1737-01, RHSA-2018:1738-01, RHSA-2018:1826-01, RHSA-2018:1965-01, RHSA-2018:1967-01, RHSA-2018:1997-01, RHSA-2018:2001-01, RHSA-2018:2003-01, RHSA-2018:2006-01, RHSA-2018:2161-01, RHSA-2018:2162-01, RHSA-2018:2164-01, RHSA-2018:2171-01, RHSA-2018:2172-01, RHSA-2018:2216-01, RHSA-2018:2250-01, RHSA-2018:2309-01, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2390-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2948-01, RHSA-2018:3396-01, RHSA-2018:3397-01, RHSA-2018:3398-01, RHSA-2018:3399-01, RHSA-2018:3400-01, RHSA-2018:3401-01, RHSA-2018:3402-01, RHSA-2018:3407-01, RHSA-2018:3423-01, RHSA-2018:3424-01, RHSA-2018:3425-01, spectre_meltdown_advisory, SSA:2018-208-01, SSA-268644, SSA-505225, SUSE-SU-2018:1362-1, SUSE-SU-2018:1363-1, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1377-1, SUSE-SU-2018:1378-1, SUSE-SU-2018:1386-1, SUSE-SU-2018:1389-1, SUSE-SU-2018:1452-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:1475-1, SUSE-SU-2018:1479-1, SUSE-SU-2018:1482-1, SUSE-SU-2018:1582-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1614-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1926-1, SUSE-SU-2018:1935-1, SUSE-SU-2018:2076-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, SUSE-SU-2018:2304-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2340-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2556-1, SUSE-SU-2018:2565-1, SUSE-SU-2018:2615-1, SUSE-SU-2018:2650-1, SUSE-SU-2018:2973-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3555-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0148-1, SUSE-SU-2019:1211-2, SUSE-SU-2019:2028-1, TA18-141A, USN-3651-1, USN-3652-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3655-1, USN-3655-2, USN-3679-1, USN-3680-1, USN-3756-1, VIGILANCE-VUL-26183, VMSA-2018-0012, VMSA-2018-0012.1, VU#180049, XSA-263.

Description of the vulnerability

A local attacker can read a memory fragment via Speculative Store of some processors, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1000095

oVirt: Cross Site Scripting via VM Name/Description

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via VM Name/Description of oVirt, in order to run JavaScript code in the context of the web site.
Impacted products: oVirt.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 14/03/2018.
Identifiers: CVE-2018-1000095, VIGILANCE-VUL-25553.

Description of the vulnerability

The oVirt product offers a web service.

However, it does not filter received data via VM Name/Description before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via VM Name/Description of oVirt, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1000018

oVirt: "root" password disclosure via a log file

Synthesis of the vulnerability

An attacker can read the log file created by hosted-engine-setup from oVirt, in order to get the root password.
Impacted products: oVirt.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 24/01/2018.
Identifiers: CVE-2018-1000018, VIGILANCE-VUL-25143.

Description of the vulnerability

An attacker can read the log file created by hosted-engine-setup from oVirt, in order to get the root password.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-5279

QEMU: buffer overflow of ne2000_receive

Synthesis of the vulnerability

An attacker privileged in a guest system can generate a buffer overflow in ne2000_receive of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, oVirt, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Creation date: 15/09/2015.
Identifiers: CVE-2015-5279, DSA-3361-1, DSA-3362-1, FEDORA-2015-015aec3bf2, FEDORA-2015-16368, FEDORA-2015-16369, FEDORA-2015-efc1d7ba5e, RHSA-2015:1896-01, RHSA-2015:1924-01, RHSA-2015:1925-01, RHSA-2015:2065-01, SOL63519101, SUSE-SU-2015:1782-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1785-1, USN-2745-1, VIGILANCE-VUL-17896.

Description of the vulnerability

The QEMU product implements a NE2000 network device.

However, if the size of data is greater than NE2000_MEM_SIZE(49152), an overflow occurs.

An attacker privileged in a guest system can therefore generate a buffer overflow in ne2000_receive of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3209

QEMU, Xen: privilege escalation via the PCNET emulation

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in the heap of the QEMU's driver for PCNET cards, in order to escalate his privileges in the host system.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, openSUSE, oVirt, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user console.
Creation date: 11/06/2015.
Identifiers: CERTFR-2015-AVI-252, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2015-3209, DSA-3284-1, DSA-3285-1, DSA-3286-1, FEDORA-2015-10001, FEDORA-2015-13402, FEDORA-2015-13404, FEDORA-2015-9965, FEDORA-2015-9978, JSA10698, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, RHSA-2015:1087-01, RHSA-2015:1088-01, RHSA-2015:1089-01, RHSA-2015:1189-01, SOL63519101, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1152-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, SUSE-SU-2015:1206-1, SUSE-SU-2015:1426-1, SUSE-SU-2015:1519-1, USN-2630-1, VIGILANCE-VUL-17107, XSA-135.

Description of the vulnerability

The Xen product uses QEMU to provide hardware emulation of virtual machines.

QEMU includes a driver for the Ethernet device PCNET. This driver allows frame chaining. However, this function allows the guest kernel to trigger a buffer overflow in the qemu process' heap. It can then overwrite a function pointer in the data structure that describes the frame to be sent, and so run arbitrary code in the host system with the qemu privileges, typically the administration privileges.

An attacker can therefore trigger a buffer overflow in the heap of the QEMU's driver for PCNET cards, in order to escalate his privileges in the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-3456

QEMU, Xen: privilege escalation via the emulated floppy disk drive, VENOM

Synthesis of the vulnerability

A local attacker can trigger a buffer overflow attack in the emulated floppy disk controller of QEMU, in order to escalate his privileges.
Impacted products: XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, Junos OS, openSUSE, oVirt, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 13/05/2015.
Identifiers: CERTFR-2015-AVI-224, CERTFR-2015-AVI-286, CTX201078, CVE-2015-3456, DSA-3259-1, DSA-3262-1, DSA-3274-1, FEDORA-2015-8248, FEDORA-2015-8249, FEDORA-2015-8252, FEDORA-2015-8270, FEDORA-2015-9601, JSA10693, openSUSE-SU-2015:0893-1, openSUSE-SU-2015:0894-1, openSUSE-SU-2015:0983-1, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, openSUSE-SU-2015:1400-1, RHSA-2015:0998-01, RHSA-2015:0999-01, RHSA-2015:1000-01, RHSA-2015:1001-01, RHSA-2015:1002-01, RHSA-2015:1003-01, RHSA-2015:1004-01, RHSA-2015:1011-01, RHSA-2015:1031-01, SOL16620, SUSE-SU-2015:0889-1, SUSE-SU-2015:0889-2, SUSE-SU-2015:0896-1, SUSE-SU-2015:0923-1, SUSE-SU-2015:0927-1, SUSE-SU-2015:0929-1, SUSE-SU-2015:0940-1, SUSE-SU-2015:0943-1, SUSE-SU-2015:0944-1, USN-2608-1, VENOM, VIGILANCE-VUL-16904, XSA-133.

Description of the vulnerability

The Xen product can emulate a floppy drive with QEMU.

However, several fdctrl_*() functions of the hw/fdc.c file of QEMU do not check the index of an array.

A local attacker can therefore trigger a buffer overflow attack in the emulated floppy disk controller of QEMU, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about oVirt: