Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ovirt-engine vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2013-4367
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
Ovirt Ovirt-engine 3.2
6.1
CVSSv3
CVE-2022-3193
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.
Ovirt Ovirt-engine 4.3.0
8.8
CVSSv3
CVE-2017-7510
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
Redhat Ovirt-engine 4.1.0
6.1
CVSSv3
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an malicious user to craft malicious HTML pages that can run s...
Ovirt Ovirt-engine
Redhat Virtualization 4.3
6.5
CVSSv3
CVE-2015-1780
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
Redhat Ovirt-engine -
Redhat Virtualization 3.0
6.5
CVSSv3
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and previous versions allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine
Redhat Virtualization 4.0
5.3
CVSSv3
CVE-2020-10775
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and previous versions, where it allows remote malicious users to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical p...
Oracle Virtualization 4.0
Redhat Ovirt-engine
5.3
CVSSv3
CVE-2021-23425
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
Trim-off-newlines Project Trim-off-newlines
5.5
CVSSv3
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
7.5
CVSSv3
CVE-2022-31051
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `...
Semantic-release Project Semantic-release
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »