Latest Ovirt Vulnerabilities

CVE-2024-0822
Ovirt: authentication bypass
Ovirt Ovirt-engine
CVE-2022-3193
An HTML injection/reflected XSS vulnerability is found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry allowing the vulnerability to trigger on the Windows Service Acc...
Ovirt Ovirt-engine=4.3.0
CVE-2022-2806
A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a...
redhat/ovirt-log-collector<0:4.4.7-2.el8e
Sos Project Sos<4.2-20.el8_6
Ovirt Log Collector<4.4.7-2.el8ev
redhat/sos<4.2-20.el8_6
pip/sosreport<4.4
CVE-2022-0847
Linux Kernel Privilege Escalation Vulnerability
redhat/kernel-rt<0:4.18.0-348.20.1.rt7.150.el8_5
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-147.64.1.el8_1
redhat/kernel-rt<0:4.18.0-193.79.1.rt13.129.el8_2
redhat/kernel<0:4.18.0-193.79.1.el8_2
redhat/kernel-rt<0:4.18.0-305.40.2.rt7.113.el8_4
and 183 more
CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 ...
redhat/kernel-rt<0:4.18.0-348.20.1.rt7.150.el8_5
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-147.65.1.el8_1
redhat/kernel-rt<0:4.18.0-193.80.1.rt13.130.el8_2
redhat/kernel<0:4.18.0-193.80.1.el8_2
redhat/kernel-rt<0:4.18.0-305.40.1.rt7.112.el8_4
and 208 more
CVE-2022-0207
Ovirt Vdsm>=4.30.1<4.50.0.4
Redhat Virtualization=4.0
Redhat Virtualization For Ibm Power Little Endian=4.0
Redhat Virtualization Host=4.0
Redhat Enterprise Linux=8.0
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine<=4.4.3
Redhat Virtualization=4.0
redhat/ovirt-engine<4.4.4.7
CVE-2020-14333
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This f...
Ovirt Ovirt-engine<=4.4.0
CVE-2013-0293
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
oVirt Node=2.6.0-1
debian
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw...
Ovirt Ovirt-engine<4.3.8
Redhat Virtualization=4.3
redhat/ovirt-engine-dwh<0:4.3.8-1.el7e
redhat/ovirt-engine-metrics<0:1.3.6.2-1.el7e
redhat/ovirt-fast-forward-upgrade<0:1.0.0-16.el7e
redhat/ovirt-imageio-common<0:1.5.3-0.el7e
and 4 more
CVE-2012-4480
mom creates world-writable pid files in /var/run
Ovirt Mom<0.3.0-1
Fedoraproject Fedora=17
Fedoraproject Fedora=18
CVE-2013-4367
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
Ovirt Ovirt-engine=3.2
Linux Linux kernel=3.1
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with...
Ovirt Ovirt
Redhat Virtualization Manager=4.3
CVE-2019-10139
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the applianc...
redhat/cockpit-ovirt<0:0.13.5-1.el7e
redhat/imgbased<0:1.1.9-0.1.el7e
redhat/ovirt-node-ng<0:4.3.5-0.20190717.0.el7e
redhat/redhat-release-virtualization-host<0:4.3.5-2.el7e
redhat/redhat-virtualization-host<0:4.3.5-20190722.0.el7_7
Ovirt Cockpit-ovirt
CVE-2019-3879
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the cal...
Ovirt Ovirt<4.3.2.1
Redhat Virtualization=4.2
CVE-2019-3831
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as...
redhat/vdsm<4.30.9
Ovirt Vdsm>=4.19<=4.30.3
Ovirt Vdsm>=4.30.5<=4.30.8
Redhat Gluster Storage=3.0
CVE-2018-10908
Ovirt Vdsm<4.20.37
Redhat Virtualization=4.0
CVE-2017-15113
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the ...
maven/org.ovirt.engine.sdk:ovirt-engine-sdk-java<4.1.7.6
Ovirt Ovirt<4.1.7.6
Redhat Virtualization=4.1
CVE-2018-1072
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and passw...
Ovirt Ovirt<4.2.2
Redhat Enterprise Virtualization Manager=4.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203