Every CVE whose affected-product data names Redhat Ovirt-engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2017-7510 — CVSS 8.8 (high): In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
CVE-2014-7851 — CVSS 7.5 (high): oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users…
CVE-2014-0152 — CVSS 6.8 (medium): Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via…
CVE-2014-0151 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of…
CVE-2015-1780 — CVSS 6.5 (medium): oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
CVE-2016-3077 — CVSS 6.5 (medium): The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process…
CVE-2016-3113 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-1062 — CVSS 5.3 (medium): A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM…
CVE-2020-10775 — CVSS 5.3 (medium): An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to…
CVE-2018-1000095 — CVSS 4.8 (medium): oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin…