Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ovirt-engine - vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-18635
An XSS vulnerability exists in noVNC prior to 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Novnc Novnc
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Redhat Openstack 13
1 Github repository
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
195 Github repositories
6.1
CVSSv3
CVE-2019-8331
In Bootstrap prior to 3.4.1 and 4.3.x prior to 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Getbootstrap Bootstrap
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Security Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
F5 Big-ip Edge Gateway
Redhat Virtualization Manager 4.3
Tenable Tenable.sc
8 Github repositories
6.1
CVSSv3
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote malicious users to inject arbitrary web script or HTML.
Redhat Ovirt-engine -
1 Github repository
5.9
CVSSv3
CVE-2014-3706
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle malicious users to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
Redhat Enterprise Mrg 3.0
5.5
CVSSv3
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
5.3
CVSSv3
CVE-2020-10775
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and previous versions, where it allows remote malicious users to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical p...
Oracle Virtualization 4.0
Redhat Ovirt-engine
4.8
CVSSv3
CVE-2018-1000095
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
Redhat Ovirt-engine
NA
CVE-2014-0151
Cross-site request forgery (CSRF) vulnerability in oVirt Engine prior to 3.5.0 beta2 allows remote malicious users to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
Redhat Ovirt-engine
NA
CVE-2014-0152
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and previous versions allows remote malicious users to hijack web sessions via unspecified vectors.
Ovirt Ovirt
Redhat Ovirt-engine 3.0.0
Redhat Ovirt-engine 3.1.0
Redhat Ovirt-engine 3.2.0
Redhat Ovirt-engine 3.3.0
Redhat Ovirt-engine 3.3.2
Redhat Ovirt-engine 3.3.3
Redhat Ovirt-engine 3.3.4
Redhat Ovirt-engine 3.3.5
Redhat Ovirt-engine 3.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2