Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:5555
HistoryJul 14, 2022 - 12:11 p.m.

(RHSA-2022:5555) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update

2022-07-1412:11:20
access.redhat.com
80

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)

  • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

  • semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

OSVersionArchitecturePackageVersionFilename
RedHat8noarchovirt-log-collector< 4.4.6-1.el8evovirt-log-collector-4.4.6-1.el8ev.noarch.rpm
RedHat8noarchovirt-engine-dwh< 4.5.3-1.el8evovirt-engine-dwh-4.5.3-1.el8ev.noarch.rpm
RedHat8noarchovirt-engine-health-check-bundler< 4.5.1.2-0.11.el8evovirt-engine-health-check-bundler-4.5.1.2-0.11.el8ev.noarch.rpm
RedHat8noarchovirt-engine-tools< 4.5.1.2-0.11.el8evovirt-engine-tools-4.5.1.2-0.11.el8ev.noarch.rpm
RedHat8noarchpostgresql-jdbc-javadoc< 42.2.14-1.el8evpostgresql-jdbc-javadoc-42.2.14-1.el8ev.noarch.rpm
RedHat8noarchrhvm< 4.5.1.2-0.11.el8evrhvm-4.5.1.2-0.11.el8ev.noarch.rpm
RedHat8noarchapache-commons-compress-javadoc< 1.21-1.2.el8evapache-commons-compress-javadoc-1.21-1.2.el8ev.noarch.rpm
RedHat8noarchovirt-engine-dbscripts< 4.5.1.2-0.11.el8evovirt-engine-dbscripts-4.5.1.2-0.11.el8ev.noarch.rpm
RedHat8noarchovirt-engine-setup< 4.5.1.2-0.11.el8evovirt-engine-setup-4.5.1.2-0.11.el8ev.noarch.rpm
RedHat8noarchpostgresql-jdbc< 42.2.14-1.el8evpostgresql-jdbc-42.2.14-1.el8ev.noarch.rpm
Rows per page:
1-10 of 331

Related

nessus 11
ibm 82
mageia 1
suse 2
prion 10
osv 22
veracode 9
redhatcve 10
github 10
cve 10
nodejs 1
debian 1
debiancve 9
cnvd 1
spring 1
ubuntucve 9
ubuntu 1
broadcom 1
f5 2
hackerone 1
huntr 1
cgr 1
ics 1
thn 1
cert 1
nessus
nessus
RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)
2022-07-15 00:00:00
SUSE SLED15 / SLES15 Security Update : apache-commons-compress (SUSE-SU-2021:2612-1)
2021-08-06 00:00:00
openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:2612-1)
2021-08-06 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)
2021-10-28 23:12:16
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress
2022-08-22 16:39:58
Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)
2022-06-06 18:14:44
mageia
mageia
Updated osgi-core/apache-commons-compress packages fix security vulnerability
2022-01-11 10:12:42
suse
suse
Security update for apache-commons-compress (important)
2021-08-10 00:00:00
Security update for apache-commons-compress (important)
2021-08-05 00:00:00
prion
prion
Design/Logic Flaw
2022-06-09 20:15:00
Design/Logic Flaw
2021-05-28 18:15:00
Race condition
2022-04-01 23:15:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
2022-06-09 23:51:25
CVE-2022-31051
2022-06-09 20:15:08
CVE-2021-33623
2021-05-28 18:15:07
veracode
veracode
Information Disclosure
2022-06-10 05:15:53
Regular Expression Denial Of Service (ReDoS)
2021-05-31 05:29:50
Denial Of Service (DoS)
2022-04-07 12:06:55
redhatcve
redhatcve
CVE-2022-31051
2022-06-15 16:29:46
CVE-2021-35515
2021-07-13 17:52:15
CVE-2021-22096
2021-12-21 12:20:57
github
github
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
2022-06-09 23:51:25
Uncontrolled Resource Consumption in trim-newlines
2021-06-07 22:10:39
Excessive Iteration in Compress
2021-08-02 16:55:07
cve
cve
CVE-2022-31051
2022-06-09 20:15:00
CVE-2021-33623
2021-05-28 18:15:00
CVE-2022-22950
2022-04-01 23:15:00
nodejs
nodejs
Regular Expression Denial of Service
2021-06-07 22:13:02
debian
debian
[SECURITY] [DLA 3247-1] node-trim-newlines security update
2022-12-23 14:08:28
debiancve
debiancve
CVE-2022-22950
2022-04-01 23:15:00
CVE-2021-22096
2021-10-28 16:15:00
CVE-2021-33623
2021-05-28 18:15:00
cnvd
cnvd
Apache Commons Compress Resource Management Error Vulnerability (CNVD-2022-62077)
2021-07-19 00:00:00
spring
spring
CVE report published for Spring Framework
2022-03-28 08:00:00
ubuntucve
ubuntucve
CVE-2021-33623
2021-05-28 00:00:00
CVE-2021-35515
2021-07-13 00:00:00
CVE-2021-35516
2021-07-13 00:00:00
ubuntu
ubuntu
trim-newlines vulnerability
2023-04-05 00:00:00
broadcom
broadcom
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
2023-08-29 00:00:00
f5
f5
K000133710 : apache-commons-compress vulnerability CVE-2021-36090
2023-04-28 00:00:00
K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963
2022-03-31 00:00:00
hackerone
hackerone
Nextcloud: @nextcloud/logger NPM package brings vulnerable ansi-regex version
2022-06-20 14:31:09
huntr
huntr
Inefficient Regular Expression Complexity in chalk/ansi-regex
2021-09-09 11:25:39
cgr
cgr
CVE-2021-3807 vulnerabilities
2024-04-18 21:07:33
ics
ics
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
2022-10-13 12:00:00
thn
thn
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 05:52:00
cert
cert
Spring Framework insecurely handles PropertyDescriptor objects with data binding
2022-03-31 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON
Related for RHSA-2022:5555
nessus11ibm82mageia1suse2prion10osv22veracode9redhatcve10github10cve10nodejs1debian1debiancve9cnvd1spring1ubuntucve9ubuntu1broadcom1f52hackerone1huntr1cgr1ics1thn1cert1