redhat ovirt engine
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-7259
< 4.5.7
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to
4.9
MEDIUM
CVE-2024-0822
all versions
An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without aut
7.5
HIGH
CVE-2022-3193
all versions
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description
6.1
MEDIUM
CVE-2022-0847
all versions
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_
7.8
HIGH
CVE-2020-35497
<= 4.4.3
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, inclu
6.5
MEDIUM
CVE-2020-10775
<= 4.4
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect us
5.3
MEDIUM
CVE-2020-14333
<= 4.4.0
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters co
6.3
MEDIUM
CVE-2019-19336
< 4.3.8
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL par
6.1
MEDIUM
CVE-2015-1780
all versions
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
6.5
MEDIUM
CVE-2013-4367
all versions
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change whic
7.8
HIGH
CVE-2017-7510
all versions
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
8.8
HIGH
CVE-2018-1073
< 4.2.3
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passw
5.3
MEDIUM
CVE-2018-1000095
>= 4.2.0 and <= 4.2.2
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web
4.8
MEDIUM
CVE-2018-1062
>= 4.1.0 and < 4.1.9
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags fo
5.3
MEDIUM
CVE-2014-7851
all versions
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticate
7.5
HIGH
CVE-2016-3113
all versions
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
6.1
MEDIUM
CVE-2016-3077
all versions
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (p
6.5
MEDIUM
CVE-2014-0151
<= 3.5.0
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentic
CVE-2014-0152
all versions
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web session
CVE-2012-3533
<= 3.1.0.5
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client ke
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin