
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. • https://github.com/0xEmanuel/CVE-2016-3113 https://bugzilla.redhat.com/show_bug.cgi?id=1326598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. • https://bugzilla.redhat.com/show_bug.cgi?id=1321972 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API. • http://rhn.redhat.com/errata/RHSA-2015-0158.html http://www.ovirt.org/OVirt_3.5_Release_Notes https://bugzilla.redhat.com/show_bug.cgi?id=1077441 https://access.redhat.com/security/cve/CVE-2014-0151 https://bugzilla.redhat.com/show_bug.cgi?id=1081849 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. • http://gerrit.ovirt.org/#/c/25959 http://www.ovirt.org/Security_advisories https://access.redhat.com/security/cve/CVE-2014-0152 https://bugzilla.redhat.com/show_bug.cgi?id=1081860 • CWE-384: Session Fixation