Ovirt Vdsm vulnerabilities
3 known vulnerabilities affecting ovirt/vdsm.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-0207MEDIUMCVSS 4.7≥ 4.30.1, < 4.50.0.42022-08-26
CVE-2022-0207 [MEDIUM] CWE-362 CVE-2022-0207: A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that ma
A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.
nvd
CVE-2019-3831MEDIUMCVSS 6.7≥ 4.19, ≤ 4.30.3≥ 4.30.5, ≤ 4.30.82019-03-25
CVE-2019-3831 [MEDIUM] CWE-863 CVE-2019-3831: A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The s
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
nvd
CVE-2018-10908MEDIUMCVSS 6.3fixed in 4.20.372018-08-09
CVE-2018-10908 [MEDIUM] CWE-20 CVE-2018-10908: It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
nvd