Every CVE whose affected-product data names Ovirt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2019-3879 — CVSS 8.1 (high): It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the…
CVE-2018-1074 — CVSS 7.7 (high): ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management…
CVE-2014-7851 — CVSS 7.5 (high): oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users…
CVE-2017-15113 — CVSS 7.2 (high): ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can…
CVE-2014-0152 — CVSS 6.8 (medium): Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via…
CVE-2016-6341 — CVSS 5.5 (medium): oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain…
CVE-2019-10194 — CVSS 5.5 (medium): Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected…
CVE-2018-1075 — CVSS 5.0 (medium): ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run…
CVE-2014-0154 — CVSS 5.0 (medium): oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote…
CVE-2012-3533 — CVSS 5.0 (medium): The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which…
CVE-2018-1072 — CVSS 5.0 (medium): ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of…
CVE-2014-0153 — CVSS 4.3 (medium): The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive…