Red Hat Ovirt Engine
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Ovirt Engine . Ovirt Engine did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.30 |
| 2019 | 1 | 8.80 |
| 2018 | 2 | 5.05 |
It may take a day or so for new Ovirt Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Ovirt Engine Security Vulnerabilities
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it
CVE-2020-10775
5.3 - Medium
- August 24, 2020
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
Open Redirect
In ovirt-engine 4.1
CVE-2017-7510
8.8 - High
- March 25, 2019
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
Information Disclosure
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application
CVE-2018-1000095
4.8 - Medium
- March 13, 2018
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
XSS
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed
CVE-2018-1062
5.3 - Medium
- March 06, 2018
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
Improper Removal of Sensitive Information Before Storage or Transfer
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain
CVE-2014-7851
7.5 - High
- October 16, 2017
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
Permissions, Privileges, and Access Controls
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests
CVE-2014-0151
- February 13, 2015
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
Session Riding
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier
CVE-2014-0152
- September 08, 2014
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Ovirt Engine or by Red Hat? Click the Watch button to subscribe.
