Known Vulnerabilities for Ovirt-engine by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Ovirt-engine" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-10775 | An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redire... | 5.3 - MEDIUM | 2020-08-24 | 2023-11-07 |
| CVE-2018-1000095 | oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of th... | 4.8 - MEDIUM | 2018-03-13 | 2019-11-06 |
| CVE-2018-1062 | A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete fla... | 5.3 - MEDIUM | 2018-03-06 | 2020-02-18 |
| CVE-2017-7510 | In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interfac... | 8.8 - HIGH | 2019-03-25 | 2023-02-12 |
| CVE-2016-3113 | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | 6.1 - MEDIUM | 2017-08-07 | 2020-02-18 |
| CVE-2016-3077 | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of servi... | 6.5 - MEDIUM | 2017-06-06 | 2019-11-06 |
| CVE-2015-1780 | oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | 6.5 - MEDIUM | 2019-11-22 | 2019-11-25 |
| CVE-2014-7851 | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authent... | 7.5 - HIGH | 2017-10-16 | 2023-02-13 |
| CVE-2014-0152 | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web se... | 6.8 - MEDIUM | 2014-09-08 | 2023-02-13 |
| CVE-2014-0151 | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the auth... | 6.8 - MEDIUM | 2015-02-13 | 2023-02-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ovirt-engine | 4.4 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.7.1 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.7.0 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.7 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.6 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.5 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.4 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.3 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.2 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6.1 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.6 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.6 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.5 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.4 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.3 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.2 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5.1 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.5 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.4.3 | All | All | All |
| Application | Redhat | Ovirt-engine | 4.3.4.2 | All | All | All |