Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 114 Backdrop, Debian Linux, Drupal and 111 more 2024-11-15 6.1 Medium
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2011-4517 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-10-21 N/A
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
CVE-2014-1568 5 Apple, Google, Microsoft and 2 more 14 Mac Os X, Chrome, Chrome Os and 11 more 2024-10-21 N/A
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
CVE-2019-13990 6 Apache, Atlassian, Netapp and 3 more 35 Tomee, Jira Service Management, Active Iq Unified Manager and 32 more 2024-10-15 9.8 Critical
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2021-3620 1 Redhat 12 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Engine and 9 more 2024-10-15 5.5 Medium
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
CVE-2020-28477 2 Immer Project, Redhat 2 Immer, Rhev Manager 2024-09-17 7.5 High
This affects all versions of package immer.
CVE-2020-7733 3 Oracle, Redhat, Ua-parser-js Project 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js 2024-09-17 7.5 High
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVE-2021-23358 5 Debian, Fedoraproject, Redhat and 2 more 6 Debian Linux, Fedora, Acm and 3 more 2024-09-17 3.3 Low
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
CVE-2018-1062 1 Redhat 2 Ovirt-engine, Rhev Manager 2024-09-17 5.3 Medium
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 11 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 8 more 2024-09-17 N/A
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVE-2020-28458 2 Datatables, Redhat 3 Datatables.net, Rhev Hypervisor, Rhev Manager 2024-09-16 7.3 High
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CVE-2021-23425 2 Redhat, Trim-off-newlines Project 2 Rhev Manager, Trim-off-newlines 2024-09-16 5.3 Medium
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
CVE-2013-2176 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2024-09-16 N/A
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more 2024-09-16 5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2017-12172 2 Postgresql, Redhat 4 Postgresql, Enterprise Linux, Rhel Software Collections and 1 more 2024-09-16 N/A
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
CVE-2020-28500 4 Lodash, Oracle, Redhat and 1 more 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more 2024-09-16 5.3 Medium
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2021-23343 2 Path-parse Project, Redhat 7 Path-parse, Acm, Advanced Cluster Security and 4 more 2024-09-16 5.3 Medium
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
CVE-2020-1983 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-09-16 7.5 High
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2021-23337 5 Lodash, Netapp, Oracle and 2 more 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more 2024-09-16 7.2 High
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28469 3 Gulpjs, Oracle, Redhat 8 Glob-parent, Communications Cloud Native Core Policy, Acm and 5 more 2024-09-16 5.3 Medium
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.