Vulnerabilities > Ovirt > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-25 | CVE-2024-0822 | Improper Authentication vulnerability in Ovirt Ovirt-Engine | An authentication bypass vulnerability was found in ovirt-engine. | 7.5 |
2022-03-25 | CVE-2022-0435 | Out-of-bounds Write vulnerability in multiple products | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. | 8.8 |
2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |
2019-12-10 | CVE-2013-0293 | Improper Privilege Management vulnerability in Ovirt Node 2.6.01 | oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | 7.8 |
2019-12-02 | CVE-2012-4480 | Improper Privilege Management vulnerability in multiple products | mom creates world-writable pid files in /var/run | 7.8 |
2019-11-25 | CVE-2012-5518 | Improper Certificate Validation vulnerability in Ovirt Vdsm | vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | 7.5 |
2019-11-01 | CVE-2013-4367 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovirt Ovirt-Engine 3.2 | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how Python's os.chmod() works when passed a mode of '-1'. | 7.8 |
2019-05-17 | CVE-2019-10139 | Unspecified vulnerability in Ovirt Cockpit-Ovirt | During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. | 7.8 |
2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 8.1 |
2018-06-12 | CVE-2018-1075 | Unspecified vulnerability in Ovirt | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. | 7.8 |