Every CVE whose affected-product data names Ovirt Ovirt-engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2013-4367 — CVSS 7.8 (high): ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which…
CVE-2024-0822 — CVSS 7.5 (high): An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without…
CVE-2020-35497 — CVSS 6.5 (medium): A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including…
CVE-2020-14333 — CVSS 6.3 (medium): A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely…
CVE-2019-19336 — CVSS 6.1 (medium): A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters…
CVE-2022-3193 — CVSS 6.1 (medium): An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails…
CVE-2018-1073 — CVSS 5.3 (medium): The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords…
CVE-2024-7259 — CVSS 4.9 (medium): A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use…