Latest ovirt ovirt-engine Vulnerabilities

CVE-2024-0822
Ovirt: authentication bypass
Ovirt Ovirt-engine
CVE-2022-3193
An HTML injection/reflected XSS vulnerability is found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry allowing the vulnerability to trigger on the Windows Service Acc...
Ovirt Ovirt-engine=4.3.0
CVE-2022-0847
Linux Kernel Privilege Escalation Vulnerability
redhat/kernel-rt<0:4.18.0-348.20.1.rt7.150.el8_5
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-147.64.1.el8_1
redhat/kernel-rt<0:4.18.0-193.79.1.rt13.129.el8_2
redhat/kernel<0:4.18.0-193.79.1.el8_2
redhat/kernel-rt<0:4.18.0-305.40.2.rt7.113.el8_4
and 183 more
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine<=4.4.3
Redhat Virtualization=4.0
redhat/ovirt-engine<4.4.4.7
CVE-2020-14333
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This f...
Ovirt Ovirt-engine<=4.4.0
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw...
Ovirt Ovirt-engine<4.3.8
Redhat Virtualization=4.3
redhat/ovirt-engine-dwh<0:4.3.8-1.el7e
redhat/ovirt-engine-metrics<0:1.3.6.2-1.el7e
redhat/ovirt-fast-forward-upgrade<0:1.0.0-16.el7e
redhat/ovirt-imageio-common<0:1.5.3-0.el7e
and 4 more
CVE-2013-4367
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
Ovirt Ovirt-engine=3.2
Linux Linux kernel=3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203