Ovirt Engine Red Hat Ovirt Engine

Do you want an email whenever new security vulnerabilities are reported in Red Hat Ovirt Engine?

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Ovirt Engine . Ovirt Engine did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 1 5.30
2019 0 0.00
2018 2 5.05

It may take a day or so for new Ovirt Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Ovirt Engine Security Vulnerabilities

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it

CVE-2020-10775 5.3 - Medium - August 24, 2020

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

Open Redirect

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application

CVE-2018-1000095 4.8 - Medium - March 13, 2018

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.

XSS

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed

CVE-2018-1062 5.3 - Medium - March 06, 2018

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.

Improper Removal of Sensitive Information Before Storage or Transfer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Ovirt Engine or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe