Vdsm

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorOvirt (3d6c0cbf-5339-5078-9faf-7b56db6ea300)
ProductVdsm (e836a7b4-91cb-5b5f-bae7-6ecd29b838eb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/ovirt/vdsm purl2cpe 2026-06-01 10:13:25.242884

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-0207 vulnerable 2026-06-08 05:39:09.487679 Details available
A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.
Published: 2022-08-26T17:25:47.000Z
Updated: 2024-08-02T23:18:42.543Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3831 vulnerable 2026-06-08 05:13:56.150747 Details available
MEDIUM (6.4)
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
Published: 2019-03-25T17:12:10.000Z
Updated: 2024-08-04T19:19:18.593Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-10908 vulnerable 2026-06-08 05:10:37.346271 Details available
MEDIUM (6.5)
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
Published: 2018-08-09T19:00:00.000Z
Updated: 2024-08-05T07:54:35.199Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.