Redhat Ovirt-engine

10 matches found

added 2020/08/24 5:15 p.m. | 99 views

CVE-2020-10775

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible...

CVSS 5.3 | AI score 5.3 | EPSS 0.00223

added 2019/11/22 3:15 p.m. | 60 views

CVE-2015-1780

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

CVSS 6.5 | AI score 6.4 | EPSS 0.00249

added 2014/09/08 2:55 p.m. | 59 views

CVE-2014-0152

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

CVSS 6.8 | AI score 6.8 | EPSS 0.00396

added 2015/02/13 3:59 p.m. | 56 views

CVE-2014-0151

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.

CVSS 6.8 | AI score 7.2 | EPSS 0.00126

added 2017/08/07 8:29 p.m. | 49 views

CVE-2016-3113

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.

CVSS 6.1 | AI score 6 | EPSS 0.04029

added 2018/03/06 3:29 p.m. | 49 views

CVE-2018-1062

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk a...

CVSS 5.3 | AI score 5.1 | EPSS 0.00434

added 2017/10/16 3:29 p.m. | 48 views

CVE-2014-7851

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

CVSS 7.5 | AI score 7.5 | EPSS 0.00388

added 2019/03/25 6:29 p.m. | 46 views

CVE-2017-7510

In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.

CVSS 8.8 | AI score 8.7 | EPSS 0.00253

added 2017/06/06 6:29 p.m. | 45 views

CVE-2016-3077

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.

CVSS 6.5 | AI score 6.1 | EPSS 0.0039

added 2018/03/13 1:29 a.m. | 38 views

CVE-2018-1000095

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.

CVSS 4.8 | AI score 5 | EPSS 0.00219