Filtered by vendor Redhat
Filtered by product Rhev Manager
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-17958 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-08-05 7.5 High
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-08-05 9.8 Critical
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-16881 3 Debian, Redhat, Rsyslog 14 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 11 more 2024-08-05 7.5 High
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-15746 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2024-08-05 5.5 Medium
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2018-12126 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more 2024-08-05 N/A
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more 2024-08-05 N/A
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more 2024-08-05 N/A
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-7750 3 Debian, Paramiko, Redhat 18 Debian Linux, Paramiko, Ansible Engine and 15 more 2024-08-05 9.8 Critical
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-1075 2 Ovirt, Redhat 2 Ovirt, Rhev Manager 2024-08-05 N/A
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
CVE-2018-1072 2 Ovirt, Redhat 3 Ovirt, Enterprise Virtualization Manager, Rhev Manager 2024-08-05 N/A
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
CVE-2018-1074 2 Ovirt, Redhat 3 Ovirt, Enterprise Virtualization, Rhev Manager 2024-08-05 N/A
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
CVE-2018-1117 2 Ovirt, Redhat 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager 2024-08-05 N/A
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.
CVE-2019-20922 2 Handlebarsjs, Redhat 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more 2024-08-05 7.5 High
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.
CVE-2019-20921 2 Redhat, Snapappointments 2 Rhev Manager, Bootstrap-select 2024-08-05 6.1 Medium
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
CVE-2019-20920 2 Handlebarsjs, Redhat 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more 2024-08-05 8.1 High
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
CVE-2019-20382 5 Canonical, Debian, Opensuse and 2 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-08-05 3.5 Low
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2019-19336 2 Ovirt, Redhat 3 Ovirt-engine, Rhev Manager, Virtualization 2024-08-05 6.1 Medium
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
CVE-2019-17195 4 Apache, Connect2id, Oracle and 1 more 17 Hadoop, Nimbus Jose+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 14 more 2024-08-05 9.8 Critical
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-14378 2 Libslirp Project, Redhat 7 Libslirp, Advanced Virtualization, Enterprise Linux and 4 more 2024-08-05 N/A
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2019-12155 2 Qemu, Redhat 5 Qemu, Advanced Virtualization, Enterprise Linux and 2 more 2024-08-04 N/A
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.