All the vulnerabilites related to redhat - ovirt-engine
Vulnerability from fkie_nvd
Published
2015-02-13 15:59
Modified
2024-11-21 02:01
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2CA17752-70CD-4252-92F7-2DBA30D25D18",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en oVirt Engine anterior a 3.5.0 beta2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que realizan acciones no especificadas a trav\u00e9s de una solicitud REST API."
}
],
"id": "CVE-2014-0151",
"lastModified": "2024-11-21T02:01:29.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-13T15:59:01.830",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ovirt.org/OVirt_3.5_Release_Notes"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ovirt.org/OVirt_3.5_Release_Notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077441"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-16 15:29
Modified
2024-11-21 02:18
Severity ?
Summary
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ovirt | ovirt | 3.3.2 | |
| ovirt | ovirt | 3.4.0 | |
| redhat | ovirt-engine | 3.2.2 | |
| redhat | ovirt-engine | 3.3 | |
| redhat | ovirt-engine | 3.3 | |
| redhat | ovirt-engine | 3.3 | |
| redhat | ovirt-engine | 3.3.0.1 | |
| redhat | ovirt-engine | 3.3.1 | |
| redhat | ovirt-engine | 3.3.1 | |
| redhat | ovirt-engine | 3.3.1 | |
| redhat | ovirt-engine | 3.3.2 | |
| redhat | ovirt-engine | 3.3.3 | |
| redhat | ovirt-engine | 3.3.3 | |
| redhat | ovirt-engine | 3.3.4 | |
| redhat | ovirt-engine | 3.3.4 | |
| redhat | ovirt-engine | 3.3.5 | |
| redhat | ovirt-engine | 3.4.0 | |
| redhat | ovirt-engine | 3.4.0 | |
| redhat | ovirt-engine | 3.4.0 | |
| redhat | ovirt-engine | 3.4.0 | |
| redhat | ovirt-engine | 3.4.0 | |
| redhat | ovirt-engine | 3.4.1 | |
| redhat | ovirt-engine | 3.4.1 | |
| redhat | ovirt-engine | 3.4.2 | |
| redhat | ovirt-engine | 3.4.2 | |
| redhat | ovirt-engine | 3.4.3 | |
| redhat | ovirt-engine | 3.4.3 | |
| redhat | ovirt-engine | 3.4.4 | |
| redhat | ovirt-engine | 3.4.4 | |
| redhat | ovirt-engine | 3.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6E6948-A799-401D-BBF9-34E088601A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4941C28-47C1-41FC-A813-B114EA391C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "099D0B9C-942E-4CDA-955F-AC22F82DA07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A10B6656-8B72-4B96-B872-1ACEFEBD9038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23937BD7-A6BC-4DF3-B58B-1FFA8A3D0A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4E54C1E-DF2B-4C40-9A3F-06FCA970DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "777DD954-802B-47A2-8927-CA72E73A1BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C832435-B6C7-44A6-B5E2-C4E67E7A50FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F13D468A-28B9-457D-BF86-0E0E292DF383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ADDA48F9-9E9D-4E11-B287-07356BE66033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A172A8C3-8460-4BE8-AE5D-2495BADBF5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3404EB7C-38EE-4299-A530-D136D45ADC3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B50C157-7578-46B8-910C-D86DB73EE0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8654BEC8-43E4-4130-B24B-4B185BC1B3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBF59F3F-FD8E-42A4-8DEE-1377FDEB85C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BCC874AA-957B-4B22-85B5-EE2B5B3C5CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2B0FDC22-0F94-41E3-97AD-6C578B40A545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "206E5218-5685-4452-9D90-82CD6144DE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "078242F6-C141-488B-9841-6D7B02033B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0276178-19C2-4329-A684-C0D8610CD1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AC68E2AE-7972-4905-A5E3-CDD5E0A72BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7155754D-0418-4B1D-9875-5021E8D15A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CABBE4F-05AE-4395-AB89-DD6C21AD4BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E6F30C-0FAA-403A-B33F-FDE061C6480E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D907E37C-3055-445A-B5EE-CDE5C20AAECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "684B8987-D27A-40D4-88E4-60197DDB660E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0C416413-06B4-4A2B-8009-FD15E56D2FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B120777-E50B-494E-9AA3-F87B7F5ECEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "807C03B7-E154-4F71-84AC-83C31E0C6847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B949B545-2C41-401B-8753-7E442B02AEEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user\u0027s session data to gain that user\u0027s privileges by replacing their session token with that of another user."
},
{
"lang": "es",
"value": "oVirt 3.2.2 hasta la versi\u00f3n 3.5.0 no invalida la sesi\u00f3n restapi tras cerrar sesi\u00f3n desde el webadmin, lo que permite que usuarios remotos autenticados con conocimientos sobre los datos de sesi\u00f3n de otro usuario obtengan los privilegios de ese usuario reemplazando su token de sesi\u00f3n por el de otro usuario."
}
],
"id": "CVE-2014-7851",
"lastModified": "2024-11-21T02:18:08.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T15:29:00.230",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-08 14:55
Modified
2024-11-21 02:01
Severity ?
Summary
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://gerrit.ovirt.org/#/c/25959/ | Patch | |
| secalert@redhat.com | http://www.ovirt.org/Security_advisories | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://gerrit.ovirt.org/#/c/25959/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ovirt.org/Security_advisories | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ovirt | ovirt | * | |
| redhat | ovirt-engine | 3.0.0 | |
| redhat | ovirt-engine | 3.1.0 | |
| redhat | ovirt-engine | 3.2.0 | |
| redhat | ovirt-engine | 3.3.0 | |
| redhat | ovirt-engine | 3.3.2 | |
| redhat | ovirt-engine | 3.3.3 | |
| redhat | ovirt-engine | 3.3.4 | |
| redhat | ovirt-engine | 3.3.5 | |
| redhat | ovirt-engine | 3.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6192BAD-EC59-47F8-98CD-CB8DE4698135",
"versionEndIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68EF6C38-6D25-4570-9FA2-816D62DD9041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2F4A5B-5A1E-445D-9115-FAF43FD77D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D45BE5C5-3B72-4BB1-93EA-95AD0F954DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C92604-65A4-41A2-B241-60D1F9FD2E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1702F2DD-A0BF-441D-83E1-006C90CB2C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AE4721-322E-4CB0-AD6F-E5BF5AF1C8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2609DF24-7688-4D3E-A3B4-F5FAF9BFEA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDFA2AA-CB4D-4037-902A-248014BEE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "94875BBF-C98F-40A2-AB82-F7DB9A34DB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la interfaz de administraci\u00f3n web en oVirt 3.4.0 y anteriores permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0152",
"lastModified": "2024-11-21T02:01:29.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-08T14:55:02.403",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://gerrit.ovirt.org/#/c/25959/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ovirt.org/Security_advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://gerrit.ovirt.org/#/c/25959/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ovirt.org/Security_advisories"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-13 01:29
Modified
2024-11-21 03:39
Severity ?
Summary
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26770DC3-20E8-428A-9A5B-F0A495919769",
"versionEndIncluding": "4.2.2",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3."
},
{
"lang": "es",
"value": "oVirt, de la versi\u00f3n 4.2.0 a la 4.2.2, contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el nombre/descripci\u00f3n de la porci\u00f3n de la m\u00e1quina virtual de la aplicaci\u00f3n web de administrador. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 4.2.3."
}
],
"id": "CVE-2018-1000095",
"lastModified": "2024-11-21T03:39:38.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T01:29:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://gerrit.ovirt.org/c/87265/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://gerrit.ovirt.org/c/87265/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 15:15
Modified
2024-11-21 02:26
Severity ?
Summary
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2015-1780 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2015-1780 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | - | |
| redhat | virtualization | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF4FE7F-2C7E-4AD1-BC28-1E51F2E68E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center"
},
{
"lang": "es",
"value": "Los usuarios de oVirt con permisos MANIPULATE_STORAGE_DOMAIN pueden adjuntar un dominio de almacenamiento en cualquier centro de datos."
}
],
"id": "CVE-2015-1780",
"lastModified": "2024-11-21T02:26:06.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T15:15:10.953",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2015-1780"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2015-1780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 15:29
Modified
2024-11-21 03:59
Severity ?
Summary
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/103433 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHBA-2018:0135 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1549944 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://gerrit.ovirt.org/#/c/84861/ | Vendor Advisory | |
| secalert@redhat.com | https://gerrit.ovirt.org/#/c/84875/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103433 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2018:0135 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1549944 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gerrit.ovirt.org/#/c/84861/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gerrit.ovirt.org/#/c/84875/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39DAC583-E6BA-4AFF-945D-B4BC682CE1C6",
"versionEndExcluding": "4.1.9",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en versiones 4.1.x anteriores a la 4.1.9 de oVirt, donde la combinaci\u00f3n de las marcas Enable Discard y Wipe After Delete para los discos de m\u00e1quinas virtuales gestionados por oVirt podr\u00eda provocar que el disco tome el valor cero al eliminarse de una VM. Si los mismos bloques de almacenamiento se reasignan a un nuevo disco conectado a otra m\u00e1quina virtual, datos potencialmente sensibles podr\u00edan revelarse a usuarios privilegiados de esa m\u00e1quina virtual."
}
],
"id": "CVE-2018-1062",
"lastModified": "2024-11-21T03:59:05.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T15:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:0135"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gerrit.ovirt.org/#/c/84861/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gerrit.ovirt.org/#/c/84875/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:0135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gerrit.ovirt.org/#/c/84861/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gerrit.ovirt.org/#/c/84875/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 18:29
Modified
2024-11-21 03:32
Severity ?
Summary
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FD99FCF5-F433-4DED-98D5-954FB8E05DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface."
},
{
"lang": "es",
"value": "En ovirt-engine 4.1, si un host fuera aprovisionado con un cloud-init, la contrase\u00f1a root podr\u00eda ser revelada a trav\u00e9s de la interfaz REST."
}
],
"id": "CVE-2017-7510",
"lastModified": "2024-11-21T03:32:02.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T18:29:00.387",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-24 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1847420 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1847420 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | virtualization | 4.0 | |
| redhat | ovirt-engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A303983A-E6D6-4CBC-B2DC-0293EFB623AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9261D6EB-0549-49F5-943F-ADC7141C636C",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de redireccionamiento Abierto en ovirt-engine versiones 4.4 y anteriores , donde permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios e intentar ataques de phishing. Una vez que el objetivo ha abierto la URL maliciosa en su navegador, la parte cr\u00edtica de la URL ya no es visible. La mayor amenaza de esta vulnerabilidad es la confidencialidad."
}
],
"id": "CVE-2020-10775",
"lastModified": "2024-11-21T04:56:02.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-24T17:15:10.867",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1326598 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1326598 | Issue Tracking, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF4FE7F-2C7E-4AD1-BC28-1E51F2E68E04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en ovirt-engine permite que atacantes remotos inyecten scripts web o HTML arbitrarios."
}
],
"id": "CVE-2016-3113",
"lastModified": "2024-11-21T02:49:24.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:01.027",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-06 18:29
Modified
2024-11-21 02:49
Severity ?
Summary
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1321972 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1321972 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ovirt-engine | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ovirt-engine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF4FE7F-2C7E-4AD1-BC28-1E51F2E68E04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs."
},
{
"lang": "es",
"value": "El m\u00e9todo VersionMapper.fromKernelVersionString en oVirt Engine permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del proceso) para todas las m\u00e1quinas virtuales."
}
],
"id": "CVE-2016-3077",
"lastModified": "2024-11-21T02:49:19.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-06T18:29:00.433",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-3077
Vulnerability from cvelistv5
Published
2017-06-06 18:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1321972 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3077",
"datePublished": "2017-06-06T18:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0151
Vulnerability from cvelistv5
Published
2015-02-13 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1077441 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0158.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ovirt.org/OVirt_3.5_Release_Notes | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077441"
},
{
"name": "RHSA-2015:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ovirt.org/OVirt_3.5_Release_Notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077441"
},
{
"name": "RHSA-2015:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ovirt.org/OVirt_3.5_Release_Notes"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0151",
"datePublished": "2015-02-13T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7510
Vulnerability from cvelistv5
Published
2019-03-25 17:50
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RHV",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T17:50:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7510",
"datePublished": "2019-03-25T17:50:15",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3113
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1326598 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3113",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10775
Vulnerability from cvelistv5
Published
2020-08-24 16:13
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1847420 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | ovirt-engine |
Version: ovirt-engine versions before 4.4.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ovirt-engine",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ovirt-engine versions before 4.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 leads to CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T16:13:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ovirt-engine",
"version": {
"version_data": [
{
"version_value": "ovirt-engine versions before 4.4.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451 leads to CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10775",
"datePublished": "2020-08-24T16:13:00",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0152
Vulnerability from cvelistv5
Published
2014-09-08 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://gerrit.ovirt.org/#/c/25959/ | x_refsource_CONFIRM | |
| http://www.ovirt.org/Security_advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gerrit.ovirt.org/#/c/25959/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ovirt.org/Security_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-08T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gerrit.ovirt.org/#/c/25959/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ovirt.org/Security_advisories"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0152",
"datePublished": "2014-09-08T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7851
Vulnerability from cvelistv5
Published
2017-10-16 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1161730 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1165311 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user\u0027s session data to gain that user\u0027s privileges by replacing their session token with that of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7851",
"datePublished": "2017-10-16T15:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000095
Vulnerability from cvelistv5
Published
2018-03-13 01:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gerrit.ovirt.org/c/87265/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-07T00:00:00",
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gerrit.ovirt.org/c/87265/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/7/2018 6:33:50",
"ID": "CVE-2018-1000095",
"REQUESTER": "awels@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java",
"refsource": "MISC",
"url": "https://gerrit.ovirt.org/#/c/87265/2/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/host/HostNetworkInterfaceListViewItem.java"
},
{
"name": "https://gerrit.ovirt.org/c/87265/",
"refsource": "MISC",
"url": "https://gerrit.ovirt.org/c/87265/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000095",
"datePublished": "2018-03-13T01:00:00",
"dateReserved": "2018-03-12T00:00:00",
"dateUpdated": "2024-08-05T12:33:49.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1780
Vulnerability from cvelistv5
Published
2019-11-22 14:17
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2015-1780 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2015-1780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "oVirt",
"vendor": "oVirt",
"versions": [
{
"status": "affected",
"version": "through 2015-03-06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Users with MANIPULATE_STORAGE_DOMAIN can attach a storage domain to any data-center",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T14:17:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2015-1780"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1780",
"datePublished": "2019-11-22T14:17:26",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1062
Vulnerability from cvelistv5
Published
2018-03-06 15:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1549944 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHBA-2018:0135 | vendor-advisory, x_refsource_REDHAT | |
| https://gerrit.ovirt.org/#/c/84875/ | x_refsource_CONFIRM | |
| https://gerrit.ovirt.org/#/c/84861/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103433 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
},
{
"name": "RHBA-2018:0135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:0135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.ovirt.org/#/c/84875/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.ovirt.org/#/c/84861/"
},
{
"name": "103433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "oVirt",
"vendor": "oVirt",
"versions": [
{
"status": "affected",
"version": "4.1.x before 4.1.9"
}
]
}
],
"datePublic": "2018-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
},
{
"name": "RHBA-2018:0135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:0135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.ovirt.org/#/c/84875/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.ovirt.org/#/c/84861/"
},
{
"name": "103433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-06T00:00:00",
"ID": "CVE-2018-1062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "oVirt",
"version": {
"version_data": [
{
"version_value": "4.1.x before 4.1.9"
}
]
}
}
]
},
"vendor_name": "oVirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
},
{
"name": "RHBA-2018:0135",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:0135"
},
{
"name": "https://gerrit.ovirt.org/#/c/84875/",
"refsource": "CONFIRM",
"url": "https://gerrit.ovirt.org/#/c/84875/"
},
{
"name": "https://gerrit.ovirt.org/#/c/84861/",
"refsource": "CONFIRM",
"url": "https://gerrit.ovirt.org/#/c/84861/"
},
{
"name": "103433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1062",
"datePublished": "2018-03-06T15:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T02:16:32.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}