Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10775 2 Oracle, Redhat 3 Virtualization, Ovirt-engine, Rhev Manager 2024-08-04 5.3 Medium
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
CVE-2020-10722 6 Canonical, Dpdk, Fedoraproject and 3 more 10 Ubuntu Linux, Data Plane Development Kit, Fedora and 7 more 2024-08-04 5.1 Medium
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
CVE-2020-10723 6 Canonical, Dpdk, Fedoraproject and 3 more 10 Ubuntu Linux, Data Plane Development Kit, Fedora and 7 more 2024-08-04 5.1 Medium
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
CVE-2020-8608 4 Debian, Libslirp Project, Opensuse and 1 more 11 Debian Linux, Libslirp, Leap and 8 more 2024-08-04 5.6 Medium
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-08-04 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-7598 3 Opensuse, Redhat, Substack 9 Leap, Enterprise Linux, Openshift and 6 more 2024-08-04 5.6 Medium
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
CVE-2020-7039 5 Debian, Libslirp Project, Opensuse and 2 more 12 Debian Linux, Libslirp, Leap and 9 more 2024-08-04 5.6 Medium
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2020-1720 2 Postgresql, Redhat 8 Postgresql, Decision Manager, Enterprise Linux and 5 more 2024-08-04 3.1 Low
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-1711 4 Debian, Opensuse, Qemu and 1 more 9 Debian Linux, Leap, Qemu and 6 more 2024-08-04 7.7 High
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVE-2021-41183 8 Debian, Drupal, Fedoraproject and 5 more 37 Debian Linux, Drupal, Fedora and 34 more 2024-08-04 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVE-2021-41184 7 Drupal, Fedoraproject, Jqueryui and 4 more 36 Drupal, Fedora, Jquery Ui and 33 more 2024-08-04 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41182 8 Debian, Drupal, Fedoraproject and 5 more 38 Debian Linux, Drupal, Fedora and 35 more 2024-08-04 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2021-36090 4 Apache, Netapp, Oracle and 1 more 36 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 33 more 2024-08-04 7.5 High
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
CVE-2021-35515 4 Apache, Netapp, Oracle and 1 more 28 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 25 more 2024-08-04 7.5 High
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35517 4 Apache, Netapp, Oracle and 1 more 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more 2024-08-04 7.5 High
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVE-2021-35516 4 Apache, Netapp, Oracle and 1 more 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more 2024-08-04 7.5 High
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-33623 4 Debian, Netapp, Redhat and 1 more 5 Debian Linux, E-series Performance Analyzer, Acm and 2 more 2024-08-03 7.5 High
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
CVE-2021-33502 2 Normalize-url Project, Redhat 6 Normalize-url, Acm, Enterprise Linux and 3 more 2024-08-03 7.5 High
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
CVE-2021-30483 2 Isomorphic-git, Redhat 3 Isomorphic-git, Rhev Hypervisor, Rhev Manager 2024-08-03 5.3 Medium
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
CVE-2021-22096 4 Netapp, Oracle, Redhat and 1 more 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more 2024-08-03 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.