Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Ovirt-engine

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10775 2 Oracle, Redhat 2 Virtualization, Ovirt-engine 2020-09-04 2.6 LOW 5.3 MEDIUM
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
CVE-2016-3113 1 Redhat 1 Ovirt-engine 2020-02-18 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-1062 1 Redhat 1 Ovirt-engine 2020-02-18 3.5 LOW 5.3 MEDIUM
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
CVE-2015-1780 1 Redhat 2 Ovirt-engine, Virtualization 2019-11-25 4.0 MEDIUM 6.5 MEDIUM
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
CVE-2018-1000095 1 Redhat 1 Ovirt-engine 2019-11-06 3.5 LOW 4.8 MEDIUM
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
CVE-2016-3077 1 Redhat 1 Ovirt-engine 2019-11-06 4.0 MEDIUM 6.5 MEDIUM
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.