Vulnerabilities > Redhat > Ovirt Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-24 | CVE-2020-10775 | Open Redirect vulnerability in multiple products An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. | 5.3 |
| 2019-11-22 | CVE-2015-1780 | Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | 4.0 |
| 2019-03-25 | CVE-2017-7510 | Information Exposure vulnerability in Redhat Ovirt-Engine 4.1.0 In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | 8.8 |
| 2018-03-13 | CVE-2018-1000095 | Cross-site Scripting vulnerability in Redhat Ovirt-Engine oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. | 3.5 |
| 2018-03-06 | CVE-2018-1062 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Redhat Ovirt-Engine A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. | 3.5 |
| 2017-10-16 | CVE-2014-7851 | Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | 7.5 |
| 2017-08-07 | CVE-2016-3113 | Cross-site Scripting vulnerability in Redhat Ovirt-Engine Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
| 2017-06-06 | CVE-2016-3077 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Ovirt-Engine The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | 4.0 |