ovirt vulnerabilities and exploits
7.8
CVSSv3
CVE-2018-1000018
An information disclosure in ovirt-hosted-engine-setup before 2.2.7 reveals the root user's password in the log file.
Ovirt Ovirt-hosted-engine-setup
8.1
CVSSv3
CVE-2019-3879
In oVirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploi...
Ovirt Ovirt
Redhat Virtualization 4.2
6.5
CVSSv3
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and previous versions allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine
Redhat Virtualization 4.0
5.5
CVSSv3
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
6.1
CVSSv3
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow a malicious user to craft malicious HTML pages that can run s...
Ovirt Ovirt-engine
Redhat Virtualization 4.3
8.8
CVSSv3
CVE-2014-8170
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate malicious users ...
Ovirt Ovirt-node 3.0.0-474-gb852fd7
5.9
CVSSv3
CVE-2014-0161
ovirt-engine-sdk-python prior to 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its X.509 certificate in a TLS/SSL session. This could allow man-in-the-middle malicious users to spoof rem...
Ovirt-engine-sdk-python Project Ovirt-engine-sdk-python
NA
CVE-2012-5638
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
Ovirt Sanlock -
7.5
CVSSv3
CVE-2012-5518
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)
Ovirt Vdsm -
NA
CVE-2014-0151
Cross-site request forgery (CSRF) vulnerability in oVirt Engine prior to 3.5.0 beta2 allows remote malicious users to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
Redhat Ovirt-engine