Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3
CVE-2014-0153
- EPSS 0.22%
- Published 08.09.2014 14:55:02
- Last modified 12.04.2025 10:46:40
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
- EPSS 0.29%
- Published 31.08.2012 20:55:01
- Last modified 11.04.2025 00:51:21
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.