Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-10744 5 F5, Lodash, Netapp and 2 more 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more 2024-11-21 9.1 Critical
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10194 2 Ovirt, Redhat 3 Ovirt, Rhev Manager, Virtualization Manager 2024-11-21 5.5 Medium
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVE-2019-10086 6 Apache, Debian, Fedoraproject and 3 more 73 Commons Beanutils, Nifi, Debian Linux and 70 more 2024-11-21 7.3 High
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
CVE-2018-7750 3 Debian, Paramiko, Redhat 18 Debian Linux, Paramiko, Ansible Engine and 15 more 2024-11-21 9.8 Critical
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more 2024-11-21 5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-20815 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2024-11-21 N/A
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
CVE-2018-20677 2 Getbootstrap, Redhat 8 Bootstrap, Ceph Storage, Enterprise Linux and 5 more 2024-11-21 N/A
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676 2 Getbootstrap, Redhat 8 Bootstrap, Ceph Storage, Enterprise Linux and 5 more 2024-11-21 N/A
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2018-1117 2 Ovirt, Redhat 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager 2024-11-21 N/A
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.
CVE-2018-1075 2 Ovirt, Redhat 2 Ovirt, Rhev Manager 2024-11-21 N/A
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
CVE-2018-1074 2 Ovirt, Redhat 3 Ovirt, Enterprise Virtualization, Rhev Manager 2024-11-21 N/A
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
CVE-2018-1072 2 Ovirt, Redhat 3 Ovirt, Enterprise Virtualization Manager, Rhev Manager 2024-11-21 N/A
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
CVE-2018-1062 1 Redhat 2 Ovirt-engine, Rhev Manager 2024-11-21 5.3 Medium
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 11 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 8 more 2024-11-21 N/A
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 9.8 Critical
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17958 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 7.5 High
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-16881 3 Debian, Redhat, Rsyslog 14 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 11 more 2024-11-21 7.5 High
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-15746 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2024-11-21 5.5 Medium
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2018-12130 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf