cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-0822,https://securityvulnerability.io/vulnerability/CVE-2024-0822,Ovirt: authentication bypass,"An authentication bypass vulnerability has been identified in the oVirt Engine, a management platform for virtualized environments. This flaw is associated with the CreateUserSession command, which does not properly authenticate users. As a result, unauthorized individuals can exploit this vulnerability to create new user accounts within the system, leading to potential unauthorized access and control over the virtual infrastructure. Organizations utilizing oVirt Engine should apply the relevant updates to mitigate this security risk.",Red Hat,"ovirt-engine,Red Hat Virtualization Engine 4.4",7.5,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2024-01-25T15:18:20.439Z,0
CVE-2019-19336,https://securityvulnerability.io/vulnerability/CVE-2019-19336,Cross-Site Scripting Vulnerability in oVirt Engine by Red Hat,"A cross-site scripting vulnerability exists in the OAuth authorization endpoint of the oVirt Engine prior to version 4.3.8. The issue arises from the inclusion of URL parameters in the HTML response without proper escaping. This flaw presents an opportunity for attackers to create malicious HTML pages capable of executing scripts within the context of the user's oVirt session, potentially compromising user data and operations.",Red Hat,Ovirt-engine,5.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2020-03-19T13:11:16.000Z,0
CVE-2019-10194,https://securityvulnerability.io/vulnerability/CVE-2019-10194,Sensitive Password Exposure in oVirt Metrics by Red Hat,"The oVirt Metrics component by Red Hat has been identified with a vulnerability where sensitive passwords, utilized for deployment and configuration, are inadequately safeguarded. This weakness allows for the potential disclosure of passwords in log files when specific playbooks are executed with verbose flags, as well as in playbooks stored on Metrics or Bastion hosts. Such exposure can pose serious security risks, as it may allow unauthorized access to critical systems.",Red Hat,Ovirt-engine-metrics,5.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-07-11T18:33:06.000Z,0
CVE-2017-2614,https://securityvulnerability.io/vulnerability/CVE-2017-2614,,"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.",Red Hat,Ovirt-engine-extension-aaa-jdbc,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-07-27T18:00:00.000Z,0
CVE-2017-15113,https://securityvulnerability.io/vulnerability/CVE-2017-15113,,ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.,Red Hat,Ovirt-engine,7.2,HIGH,0.003449999960139394,false,,false,false,false,,,false,false,,2018-07-27T16:00:00.000Z,0