Skip to main content

Ovirt Engine

14 CVEs product

Monthly

CVE-2024-7259 MEDIUM This Month

A flaw was found in oVirt. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-0822 HIGH POC This Week

An authentication bypass vulnerability was found in overt-engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ovirt Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3193 MEDIUM This Month

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-35497 MEDIUM This Month

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Engine Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10775 MEDIUM This Month

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Virtualization Ovirt Engine
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-14333 MEDIUM This Month

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-1073 MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization Virtualization Host
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2018-1000095 MEDIUM PATCH This Month

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ovirt Engine
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1062 MEDIUM This Month

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2014-7851 HIGH This Week

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Ovirt Ovirt Engine
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
4.0%
CVE-2016-3077 MEDIUM This Month

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ovirt Engine
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2014-0151 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ovirt Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0152 MEDIUM PATCH This Month

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Ovirt Ovirt Engine
NVD
CVSS 2.0
6.8
EPSS
0.4%
EPSS 0% CVSS 4.9
MEDIUM This Month

A flaw was found in oVirt. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An authentication bypass vulnerability was found in overt-engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ovirt Engine
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Ovirt Engine
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Engine Virtualization
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Virtualization Ovirt Engine
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization +1
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ovirt Engine
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
EPSS 0% CVSS 7.5
HIGH This Week

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Ovirt Ovirt Engine
NVD
EPSS 4% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ovirt Engine
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ovirt Engine
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Ovirt Ovirt Engine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy