Ovirt
Products
4- 7 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8170 | Hig | 0.57 | 8.8 | 0.01 | Sep 26, 2017 | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | |
| CVE-2014-7851 | Hig | 0.49 | 7.5 | 0.00 | Oct 16, 2017 | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | |
| CVE-2013-0293 | 0.00 | — | 0.00 | Dec 10, 2019 | oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | ||
| CVE-2015-1780 | 0.00 | — | 0.00 | Nov 22, 2019 | oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | ||
| CVE-2018-1062 | 0.00 | — | 0.00 | Mar 6, 2018 | A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. | ||
| CVE-2014-0154 | 0.00 | — | 0.00 | Feb 13, 2015 | oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||
| CVE-2014-0153 | 0.00 | — | 0.00 | Sep 8, 2014 | The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page. | ||
| CVE-2014-0152 | 0.00 | — | 0.00 | Sep 8, 2014 | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||
| CVE-2012-5638 | 0.00 | — | 0.00 | Dec 20, 2012 | The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations. | ||
| CVE-2012-3533 | 0.00 | — | 0.00 | Aug 31, 2012 | The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. |
- risk 0.57cvss 8.8epss 0.01
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
- risk 0.49cvss 7.5epss 0.00
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
- CVE-2013-0293Dec 10, 2019risk 0.00cvss —epss 0.00
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
- CVE-2015-1780Nov 22, 2019risk 0.00cvss —epss 0.00
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
- CVE-2018-1062Mar 6, 2018risk 0.00cvss —epss 0.00
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
- CVE-2014-0154Feb 13, 2015risk 0.00cvss —epss 0.00
oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
- CVE-2014-0153Sep 8, 2014risk 0.00cvss —epss 0.00
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
- CVE-2014-0152Sep 8, 2014risk 0.00cvss —epss 0.00
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2012-5638Dec 20, 2012risk 0.00cvss —epss 0.00
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
- CVE-2012-3533Aug 31, 2012risk 0.00cvss —epss 0.00
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.