Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ovirt ovirt vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2018-1000018
An information disclosure in ovirt-hosted-engine-setup before 2.2.7 reveals the root user's password in the log file.
Ovirt Ovirt-hosted-engine-setup
1.9
CVSSv2
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Core I7 4900mq
Intel Core I7 4910mq
Intel Core I7 4950hq
Intel Core I7 4960hq
Intel Core I7 4980hq
Intel Core I7 4800mq
Intel Core I7 4810mq
Intel Core I7 4850hq
Intel Core I7 4860hq
Intel Core I7 4870hq
Intel Core I7 4700ec
Intel Core I7 4700eq
Intel Core I7 4700hq
Intel Core I7 4700mq
Intel Core I7 4702ec
Intel Core I7 4702hq
Intel Core I7 4702mq
Intel Core I7 4710hq
Intel Core I7 4710mq
Intel Core I7 4712hq
Intel Core I7 4712mq
Intel Core I7 4720hq
1 EDB exploit
49 Github repositories
9 Articles
4.3
CVSSv2
CVE-2014-3706
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle malicious users to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
Redhat Enterprise Mrg 3.0
6
CVSSv2
CVE-2014-7851
oVirt 3.2.2 up to and including 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that ...
Ovirt Ovirt 3.3.2
Ovirt Ovirt 3.4.0
Redhat Ovirt-engine 3.2.2
Redhat Ovirt-engine 3.3
Redhat Ovirt-engine 3.3.0.1
Redhat Ovirt-engine 3.3.1
Redhat Ovirt-engine 3.3.2
Redhat Ovirt-engine 3.3.3
Redhat Ovirt-engine 3.3.4
Redhat Ovirt-engine 3.3.5
Redhat Ovirt-engine 3.4.0
Redhat Ovirt-engine 3.4.1
Redhat Ovirt-engine 3.4.2
Redhat Ovirt-engine 3.4.3
Redhat Ovirt-engine 3.4.4
Redhat Ovirt-engine 3.5.0
9
CVSSv2
CVE-2014-8170
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate malicious users ...
Ovirt Ovirt-node 3.0.0-474-gb852fd7
4.3
CVSSv2
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote malicious users to inject arbitrary web script or HTML.
Redhat Ovirt-engine -
1 Github repository
4
CVSSv2
CVE-2016-3077
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
Redhat Ovirt-engine -
5
CVSSv2
CVE-2014-0154
oVirt Engine prior to 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Ovirt Ovirt
6.8
CVSSv2
CVE-2014-0151
Cross-site request forgery (CSRF) vulnerability in oVirt Engine prior to 3.5.0 beta2 allows remote malicious users to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
Redhat Ovirt-engine
4.3
CVSSv2
CVE-2014-0153
The REST API in oVirt 3.4.0 and previous versions stores session IDs in HTML5 local storage, which allows remote malicious users to obtain sensitive information via a crafted web page.
Ovirt Ovirt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »