Known Vulnerabilities for products from Ovirt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ovirt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0435 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-25 | 2023-02-14 |
| CVE-2022-0207 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.7 - MEDIUM | 2022-08-26 | 2023-02-12 |
| CVE-2020-35497 | A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, ... | 6.5 - MEDIUM | 2020-12-21 | 2023-11-07 |
| CVE-2020-14333 | A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable paramete... | 6.1 - MEDIUM | 2020-08-18 | 2023-02-12 |
| CVE-2019-19336 | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. UR... | 6.1 - MEDIUM | 2020-03-19 | 2020-03-23 |
| CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently prot... | 5.5 - MEDIUM | 2019-07-11 | 2023-03-01 |
| CVE-2019-10139 | During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/... | 7.8 - HIGH | 2019-05-17 | 2023-02-12 |
| CVE-2019-3879 | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command,... | 8.1 - HIGH | 2019-03-25 | 2020-10-19 |
| CVE-2019-3831 | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function expos... | 6.7 - MEDIUM | 2019-03-25 | 2020-10-19 |
| CVE-2018-1000018 | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 7.8 - HIGH | 2018-01-24 | 2019-10-03 |
| CVE-2018-10908 | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a... | 6.3 - MEDIUM | 2018-08-09 | 2019-10-09 |
| CVE-2018-1117 | ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt P... | 9.8 - CRITICAL | 2018-06-20 | 2019-10-09 |
| CVE-2018-1075 | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-se... | 7.8 - HIGH | 2018-06-12 | 2023-02-13 |
| CVE-2018-1074 | ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Manage... | 7.2 - HIGH | 2018-04-26 | 2019-11-06 |
| CVE-2018-1073 | The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid ... | 5.3 - MEDIUM | 2018-06-19 | 2020-12-08 |
| CVE-2018-1072 | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was ru... | 9.8 - CRITICAL | 2018-06-26 | 2019-10-09 |
| CVE-2017-15113 | ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only admi... | 6.6 - MEDIUM | 2018-07-27 | 2023-11-07 |
| CVE-2016-6341 | oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users... | 5.5 - MEDIUM | 2017-04-20 | 2017-04-25 |
| CVE-2014-8170 | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in... | 8.8 - HIGH | 2017-09-26 | 2023-02-13 |
| CVE-2014-7851 | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authent... | 7.5 - HIGH | 2017-10-16 | 2023-02-13 |
Known software with vulnerabilities from Ovirt
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ovirt | Cockpit-ovirt | - |
| Application | Ovirt | Mom | 0.3.0-1 |
| Operating System | Ovirt | Node | 2.6.0-1 |
| Application | Ovirt | Ovirt | - |
| Application | Ovirt | Ovirt-engine | 3.0.0 |
| Application | Ovirt | Ovirt-hosted-engine-setup | 1.0.0 |
| Application | Ovirt | Vdsm | - |