Vulnerabilities > Ovirt
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-02 | CVE-2012-4480 | Improper Privilege Management vulnerability in multiple products mom creates world-writable pid files in /var/run | 7.8 |
2019-11-25 | CVE-2012-5518 | Improper Certificate Validation vulnerability in Ovirt Vdsm vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | 7.5 |
2019-11-01 | CVE-2013-4367 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovirt Ovirt-Engine 3.2 ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | 7.8 |
2019-07-11 | CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. | 5.5 |
2019-05-17 | CVE-2019-10139 | Unspecified vulnerability in Ovirt Cockpit-Ovirt During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. | 7.8 |
2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 8.1 |
2019-03-25 | CVE-2019-3831 | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. | 6.7 |
2018-08-09 | CVE-2018-10908 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. | 6.3 |
2018-07-27 | CVE-2017-15113 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. | 6.6 |
2018-06-26 | CVE-2018-1072 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. | 9.8 |