Known Vulnerabilities for products from Ovirt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ovirt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-0822 json | 7.5 - HIGH | 2024-01-25 | 2024-01-31 | |
| CVE-2022-3193 json | An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_descri... | 6.1 - MEDIUM | 2022-09-28 | 2022-09-29 |
| CVE-2022-2806 json | It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, o... | 5.5 - MEDIUM | 2022-09-01 | 2022-09-07 |
| CVE-2022-0847 json | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_pag... | 7.8 - HIGH | 2022-03-10 | 2024-01-12 |
| CVE-2022-0435 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-25 | 2023-02-14 |
| CVE-2022-0207 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.7 - MEDIUM | 2022-08-26 | 2023-02-12 |
| CVE-2020-35497 json | A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, ... | 6.5 - MEDIUM | 2020-12-21 | 2023-11-07 |
| CVE-2020-14333 json | A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable paramete... | 6.1 - MEDIUM | 2020-08-18 | 2023-02-12 |
| CVE-2019-19336 json | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. UR... | 6.1 - MEDIUM | 2020-03-19 | 2020-03-23 |
| CVE-2019-10194 json | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently prot... | 5.5 - MEDIUM | 2019-07-11 | 2023-03-01 |
| CVE-2019-10139 json | During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/... | 7.8 - HIGH | 2019-05-17 | 2023-02-12 |
| CVE-2019-3879 json | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command,... | 8.1 - HIGH | 2019-03-25 | 2020-10-19 |
| CVE-2019-3831 json | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function expos... | 6.7 - MEDIUM | 2019-03-25 | 2020-10-19 |
| CVE-2018-1000018 json | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 7.8 - HIGH | 2018-01-24 | 2019-10-03 |
| CVE-2018-10908 json | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a... | 6.3 - MEDIUM | 2018-08-09 | 2019-10-09 |
| CVE-2018-1117 json | ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt P... | 9.8 - CRITICAL | 2018-06-20 | 2019-10-09 |
| CVE-2018-1075 json | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-se... | 7.8 - HIGH | 2018-06-12 | 2023-02-13 |
| CVE-2018-1074 json | ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Manage... | 7.2 - HIGH | 2018-04-26 | 2019-11-06 |
| CVE-2018-1073 json | The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid ... | 5.3 - MEDIUM | 2018-06-19 | 2020-12-08 |
| CVE-2018-1072 json | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was ru... | 9.8 - CRITICAL | 2018-06-26 | 2019-10-09 |
Known software with vulnerabilities from Ovirt
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ovirt | Cockpit-ovirt | - |
| Application | Ovirt | Mom | 0.3.0-1 |
| Operating System | Ovirt | Node | 2.6.0-1 |
| Application | Ovirt | Ovirt | - |
| Application | Ovirt | Ovirt-engine | 3.0.0 |
| Application | Ovirt | Ovirt-hosted-engine-setup | 1.0.0 |
| Application | Ovirt | Vdsm | - |