Vulnerabilities > Ovirt > Medium

| Date | CVE | Vulnerability title / description | Attack vector | Complexity | Vendors | CWE | Risk score |
|---|---|---|---|---|---|---|---|
| 2022-09-28 | CVE-2022-3193 | Cross-site Scripting vulnerability in Ovirt Ovirt-Engine 4.3.0. An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. | network | low | ovirt | CWE-79 | 6.1 |
| 2022-09-01 | CVE-2022-2806 | It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. | local | low | sos-project, ovirt | | 5.5 |
| 2022-08-26 | CVE-2022-0207 | A race condition was found in vdsm. | local | high | ovirt, redhat | | 4.7 |
| 2020-12-21 | CVE-2020-35497 | A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. | network | low | ovirt, redhat | | 6.5 |
| 2020-08-18 | CVE-2020-14333 | Unspecified vulnerability in Ovirt Ovirt-Engine. A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. | network | low | ovirt | | 6.1 |
| 2020-03-19 | CVE-2019-19336 | Cross-site Scripting vulnerability in multiple products. A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. | network | low | ovirt, redhat | CWE-79 | 6.1 |
| 2019-07-11 | CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. | local | low | ovirt, redhat | | 5.5 |
| 2019-03-25 | CVE-2019-3831 | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. | local | low | ovirt, redhat | | 6.7 |
| 2018-08-09 | CVE-2018-10908 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. | local | low | ovirt, redhat | CWE-770 | 6.3 |
| 2018-07-27 | CVE-2017-15113 | Information Exposure Through Log Files vulnerability in multiple products. ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. | network | high | ovirt, redhat | CWE-532 | 6.6 |