Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: rubyPackages_3_1.ovirt-engine-sdk

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2013-4367
created 1 month, 3 weeks ago
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates …

ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.

Affected products

ovirt-engine
  • ==ovirt-engine 3.2 running on Linux kernel 3.1 and newer

Matching in nixpkgs

Untriaged
Permalink CVE-2015-1780
created 1 month, 3 weeks ago
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain …

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

Affected products

oVirt
  • ==through 2015-03-06

Matching in nixpkgs

pkgs.libgovirt

GObject wrapper for the oVirt REST API

Untriaged
Permalink CVE-2024-0822
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 months, 1 week ago
Ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

References

Affected products

ovirt-engine
  • *
  • <4.5.6

Matching in nixpkgs

Dismissed
Permalink CVE-2024-7259
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse dismissed 1 year, 4 months ago
Ovirt-engine: potential exposure of cleartext provider passwords via web ui

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

References

Affected products

ovirt-engine
  • <4.5.7

Matching in nixpkgs