cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0822,https://securityvulnerability.io/vulnerability/CVE-2024-0822,Ovirt: authentication bypass,"An authentication bypass vulnerability has been identified in the oVirt Engine, a management platform for virtualized environments. This flaw is associated with the CreateUserSession command, which does not properly authenticate users. As a result, unauthorized individuals can exploit this vulnerability to create new user accounts within the system, leading to potential unauthorized access and control over the virtual infrastructure. Organizations utilizing oVirt Engine should apply the relevant updates to mitigate this security risk.",Red Hat,"ovirt-engine,Red Hat Virtualization Engine 4.4",7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-01-25T15:18:20.439Z,0
CVE-2019-19336,https://securityvulnerability.io/vulnerability/CVE-2019-19336,,A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.,Red Hat,Ovirt-engine,5.4,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2020-03-19T13:11:16.000Z,0
CVE-2019-10194,https://securityvulnerability.io/vulnerability/CVE-2019-10194,,"Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.",Red Hat,Ovirt-engine-metrics,5.9,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2019-07-11T18:33:06.000Z,0
CVE-2017-2614,https://securityvulnerability.io/vulnerability/CVE-2017-2614,,"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.",Red Hat,Ovirt-engine-extension-aaa-jdbc,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2018-07-27T18:00:00.000Z,0
CVE-2017-15113,https://securityvulnerability.io/vulnerability/CVE-2017-15113,,ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.,Red Hat,Ovirt-engine,7.2,HIGH,0.003449999960139394,false,false,false,false,,false,false,2018-07-27T16:00:00.000Z,0