Redhat Ovirt-engine
5 CVEs affecting Redhat Ovirt-engine. Latest disclosed: 2017-10-16. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2014-7851 | High | 7.5 | 2017-10-16 | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of ano… |
CVE-2016-3077 | Medium | 6.5 | 2017-06-06 | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. |
CVE-2016-3113 | Medium | 6.1 | 2017-08-07 | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. |
CVE-2014-0151 | | 2015-02-13 | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests t… | |
CVE-2014-0152 | | 2014-09-08 | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |