Vulnerabilities > Ovirt > Ovirt Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2024-0822 | Improper Authentication vulnerability in Ovirt Ovirt-Engine An authentication bypass vulnerability was found in overt-engine. | 7.5 |
| 2022-09-28 | CVE-2022-3193 | Cross-site Scripting vulnerability in Ovirt Ovirt-Engine 4.3.0 An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. | 6.1 |
| 2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |
| 2020-12-21 | CVE-2020-35497 | Improper Access Control vulnerability in multiple products A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. | 6.5 |
| 2020-08-18 | CVE-2020-14333 | Cross-site Scripting vulnerability in Ovirt Ovirt-Engine A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. | 6.1 |
| 2020-03-19 | CVE-2019-19336 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. | 4.3 |
| 2019-11-01 | CVE-2013-4367 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovirt Ovirt-Engine 3.2 ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | 4.6 |
| 2018-06-19 | CVE-2018-1073 | Information Exposure vulnerability in multiple products The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. | 5.0 |