Vulmon
ovirt ovirt-engine vulnerabilities and exploits
6.1
CVSSv3
CVE-2016-10735
In Bootstrap 3.x prior to 3.4.0 and 4.x-beta prior to 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Getbootstrap Bootstrap 4.0.0
Getbootstrap Bootstrap
6.1
CVSSv3
CVE-2018-20676
In Bootstrap prior to 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Getbootstrap Bootstrap
6.1
CVSSv3
CVE-2018-20677
In Bootstrap prior to 3.4.0, XSS is possible in the affix configuration target property.
Getbootstrap Bootstrap
1 Github repository
6.1
CVSSv3
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote malicious users to inject arbitrary web script or HTML.
Redhat Ovirt-engine -
1 Github repository
5.9
CVSSv3
CVE-2014-0161
ovirt-engine-sdk-python prior to 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle malicious users to spoof rem...
Ovirt-engine-sdk-python Project Ovirt-engine-sdk-python
5.9
CVSSv3
CVE-2014-3706
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle malicious users to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
Redhat Enterprise Mrg 3.0
5.6
CVSSv3
CVE-2020-7598
minimist prior to 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Substack Minimist
Opensuse Leap 15.1
8 Github repositories
5.5
CVSSv3
CVE-2022-2806
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
Sos Project Sos
Ovirt Log Collector
5.5
CVSSv3
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
5.3
CVSSv3
CVE-2021-23425
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
Trim-off-newlines Project Trim-off-newlines