ovirt

Top products

The 15 most recently published vulnerabilities affecting ovirt.

• CVE-2024-7259Ovirt-engine: potential exposure of cleartext provider passwords via web ui4.9Sep 26, 2024
• CVE-2024-0822Ovirt: authentication bypass7.5Jan 25, 2024
• CVE-2022-3193An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigge...6.1Sep 28, 2022
• CVE-2022-2806It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev5.5Sep 1, 2022
• CVE-2022-0207A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.4.7Aug 26, 2022
• CVE-2022-0435A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the ...8.8Mar 25, 2022
• CVE-2022-0847A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thu...KEV7.8Mar 7, 2022
• CVE-2020-35497A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.6.5Dec 21, 2020
• CVE-2020-10775An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the t...5.3Aug 24, 2020
• CVE-2020-14333A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. Thi...6.3Aug 18, 2020
• CVE-2019-19336A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This f...6.1Mar 19, 2020
• CVE-2013-0293oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation7.8Dec 10, 2019
• CVE-2012-4480mom creates world-writable pid files in /var/run7.8Dec 2, 2019
• CVE-2012-5518vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)7.5Nov 25, 2019
• CVE-2015-1780oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center6.5Nov 22, 2019