Vulnerabilities > Ovirt

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2024-0822 Improper Authentication vulnerability in Ovirt Ovirt-Engine
An authentication bypass vulnerability was found in overt-engine.
network
low complexity
ovirt CWE-287
7.5
2022-09-28 CVE-2022-3193 Cross-site Scripting vulnerability in Ovirt Ovirt-Engine 4.3.0
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine.
network
low complexity
ovirt CWE-79
6.1
2022-08-26 CVE-2022-0207 Race Condition vulnerability in multiple products
A race condition was found in vdsm.
local
high complexity
ovirt redhat CWE-362
4.7
2022-03-25 CVE-2022-0435 Out-of-bounds Write vulnerability in multiple products
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
network
low complexity
linux redhat ovirt fedoraproject netapp CWE-787
8.8
2022-03-10 CVE-2022-0847 Improper Initialization vulnerability in multiple products
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.
7.8
2020-12-21 CVE-2020-35497 Improper Access Control vulnerability in multiple products
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
network
low complexity
ovirt redhat CWE-284
6.5
2020-08-18 CVE-2020-14333 Cross-site Scripting vulnerability in Ovirt Ovirt-Engine
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack.
network
low complexity
ovirt CWE-79
6.1
2020-03-19 CVE-2019-19336 Cross-site Scripting vulnerability in multiple products
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8.
network
ovirt redhat CWE-79
4.3
2019-12-10 CVE-2013-0293 Improper Privilege Management vulnerability in Ovirt Node 2.6.01
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
local
low complexity
ovirt CWE-269
7.2
2019-12-02 CVE-2012-4480 Improper Privilege Management vulnerability in multiple products
mom creates world-writable pid files in /var/run
local
low complexity
ovirt fedoraproject CWE-269
4.6