Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ovirt vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2018-1000018
An information disclosure in ovirt-hosted-engine-setup before 2.2.7 reveals the root user's password in the log file.
Ovirt Ovirt-hosted-engine-setup
5.5
CVSSv2
CVE-2019-3879
It exists that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploi...
Ovirt Ovirt
Redhat Virtualization 4.2
4.3
CVSSv2
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an malicious user to craft malicious HTML pages that can run s...
Ovirt Ovirt-engine
Redhat Virtualization 4.3
2.1
CVSSv2
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
9
CVSSv2
CVE-2014-8170
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate malicious users ...
Ovirt Ovirt-node 3.0.0-474-gb852fd7
4
CVSSv2
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and previous versions allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine
Redhat Virtualization 4.0
4.3
CVSSv2
CVE-2014-0161
ovirt-engine-sdk-python prior to 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle malicious users to spoof rem...
Ovirt-engine-sdk-python Project Ovirt-engine-sdk-python
4.3
CVSSv2
CVE-2012-5518
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)
Ovirt Vdsm -
3.6
CVSSv2
CVE-2012-5638
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
Ovirt Sanlock -
4.3
CVSSv2
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote malicious users to inject arbitrary web script or HTML.
Redhat Ovirt-engine -
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »