Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-24	CVE-2020-10775	Open Redirect vulnerability in multiple products An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. network high complexity oracle redhat CWE-601	5.3
2019-11-22	CVE-2015-1780	Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center network low complexity redhat CWE-863	6.5
2018-03-13	CVE-2018-1000095	Cross-site Scripting vulnerability in Redhat Ovirt-Engine oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. network low complexity redhat CWE-79	4.8
2018-03-06	CVE-2018-1062	Improper Cross-boundary Removal of Sensitive Data vulnerability in Redhat Ovirt-Engine A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. network high complexity redhat CWE-212	5.3
2017-08-07	CVE-2016-3113	Cross-site Scripting vulnerability in Redhat Ovirt-Engine Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. network low complexity redhat CWE-79	6.1
2017-06-06	CVE-2016-3077	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Ovirt-Engine The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. network low complexity redhat CWE-119	6.5