Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ovirt-Engine Security Vulnerabilities - February

cve
cve

CVE-2013-4367

ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.

7.8CVSS

7.4AI Score

0.0004EPSS

2019-11-01 06:15 PM
114
cve
cve

CVE-2018-1073

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

5.3CVSS

5.5AI Score

0.001EPSS

2018-06-19 12:29 PM
42
cve
cve

CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the u...

6.1CVSS

5.7AI Score

0.001EPSS

2020-03-19 02:15 PM
102
cve
cve

CVE-2020-14333

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other...

6.3CVSS

5.8AI Score

0.001EPSS

2020-08-18 02:15 PM
49
cve
cve

CVE-2020-35497

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

6.5CVSS

6.2AI Score

0.001EPSS

2020-12-21 05:15 PM
43
2
cve
cve

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...

7.8CVSS

7.7AI Score

0.121EPSS

2022-03-10 05:44 PM
1831
In Wild
4
cve
cve

CVE-2022-3193

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.

6.1CVSS

6AI Score

0.001EPSS

2022-09-28 07:15 PM
36
2
cve
cve

CVE-2024-0822

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-25 04:15 PM
67