redhat ovirt-engine CVE Vulnerabilities (10)

CVEs: 10 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting redhat ovirt-engine (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 110 of 10 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-10775 An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. [email protected] 5.3 1.85% 2020-08-24 2026-06-16
CVE-2015-1780 oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center [email protected] 6.5 1.04% 2019-11-22 2026-06-16
CVE-2017-7510 In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. [email protected] 8.8 1.04% 2019-03-25 2026-06-16
CVE-2018-1000095 oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3. [email protected] 4.8 0.52% 2018-03-12 2026-06-16
CVE-2018-1062 A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. [email protected] 5.3 1.42% 2018-03-06 2026-06-16
CVE-2014-7851 oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. [email protected] 7.5 1.00% 2017-10-16 2026-06-16
CVE-2016-3113 Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. [email protected] 6.1 2.74% 2017-08-07 2026-06-16
CVE-2016-3077 The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. [email protected] 6.5 1.00% 2017-06-06 2026-06-16
CVE-2014-0151 Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. [email protected] 6.8 0.64% 2015-02-13 2026-06-16
CVE-2014-0152 Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. [email protected] 6.8 1.76% 2014-09-08 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence