Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 114 Backdrop, Debian Linux, Drupal and 111 more 2024-08-04 6.1 Medium
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11135 9 Canonical, Debian, Fedoraproject and 6 more 312 Ubuntu Linux, Debian Linux, Fedora and 309 more 2024-08-04 6.5 Medium
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-11091 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Data Sampling Uncacheable Memory, Microarchitectural Data Sampling Uncacheable Memory Firmware and 10 more 2024-08-04 N/A
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-10744 5 F5, Lodash, Netapp and 2 more 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more 2024-08-04 9.1 Critical
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10194 2 Ovirt, Redhat 3 Ovirt, Rhev Manager, Virtualization Manager 2024-08-04 5.5 Medium
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVE-2019-10086 6 Apache, Debian, Fedoraproject and 3 more 73 Commons Beanutils, Nifi, Debian Linux and 70 more 2024-08-04 7.3 High
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
CVE-2019-9824 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2024-08-04 N/A
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
CVE-2019-8331 4 F5, Getbootstrap, Redhat and 1 more 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more 2024-08-04 6.1 Medium
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-6778 5 Canonical, Fedoraproject, Opensuse and 2 more 7 Ubuntu Linux, Fedora, Leap and 4 more 2024-08-04 N/A
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-6501 3 Fedoraproject, Qemu, Redhat 5 Fedora, Qemu, Enterprise Linux and 2 more 2024-08-04 N/A
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CVE-2019-3879 2 Ovirt, Redhat 3 Ovirt, Rhev Manager, Virtualization 2024-08-04 8.1 High
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests.
CVE-2020-35497 2 Ovirt, Redhat 3 Ovirt-engine, Rhev Manager, Virtualization 2024-08-04 6.5 Medium
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
CVE-2020-29443 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Advanced Virtualization and 2 more 2024-08-04 3.9 Low
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-25649 7 Apache, Fasterxml, Fedoraproject and 4 more 50 Iotdb, Jackson-databind, Fedora and 47 more 2024-08-04 7.5 High
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-25657 3 Fedoraproject, M2crypto Project, Redhat 5 Fedora, M2crypto, Enterprise Linux and 2 more 2024-08-04 5.9 Medium
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
CVE-2020-16092 5 Canonical, Debian, Opensuse and 2 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2024-08-04 3.8 Low
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
CVE-2020-14364 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-08-04 5.0 Medium
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
CVE-2020-14333 2 Ovirt, Redhat 2 Ovirt-engine, Rhev Manager 2024-08-04 6.3 Medium
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context.
CVE-2020-11022 9 Debian, Drupal, Fedoraproject and 6 more 88 Debian Linux, Drupal, Fedora and 85 more 2024-08-04 6.9 Medium
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11023 8 Debian, Drupal, Fedoraproject and 5 more 65 Debian Linux, Drupal, Fedora and 62 more 2024-08-04 6.9 Medium
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.