Lucene search
K
RedhatVirtualization Manager

13 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.2960 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2019/02/20 4:0 p.m.1549 views

CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

6.1CVSS5.8AI score0.1686EPSS
CVE
CVE
added 2019/07/25 11:43 p.m.927 views

CVE-2019-10744

CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a base3.1 score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...

9.1CVSS8.9AI score0.05006EPSS
CVE
CVE
added 2018/05/22 12:0 p.m.865 views

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

5.5CVSS5.9AI score0.60631EPSS
In wild
CVE
CVE
added 2019/11/14 6:19 p.m.635 views

CVE-2019-11135

CVE-2019-11135 is a TSX Transactional Synchronization Extensions-related vulnerability in Intel CPUs causing potential information disclosure via a side channel when TSX Acknowledges an abort. The connected documents describe a subsequent issue (CVE-2019-19338) in the fix path for CVE-2019-11135 ...

6.5CVSS6.4AI score0.03133EPSS
CVE
CVE
added 2018/07/19 1:0 p.m.373 views

CVE-2017-7481

CVE-2017-7481 affects Ansible before versions 2.3.1.0 and 2.4.0.0, where lookup-plugin results could be marked unsafe, allowing code execution via jinja2 if an attacker controls lookup() results. The description and connected advisories confirm the vulnerability originates from unsafe lookup resu...

9.8CVSS9.3AI score0.04617EPSS
In wild
CVE
CVE
added 2019/01/25 6:0 p.m.341 views

CVE-2018-16881

CVE-2018-16881 affects rsyslog’s imptcp module. An attacker can send a specially crafted TCP message to imptcp, causing the daemon to crash (DoS). Vulnerable in rsyslog versions before 8.27.0; upgrade to 8.27.0+ to remediate. Some advisories (e.g., MiracleLinux AXSA) reference an integer overflow...

7.5CVSS7.1AI score0.02238EPSS
CVE
CVE
added 2022/03/03 6:23 p.m.257 views

CVE-2021-3620

CVE-2021-3620 is a disclosure vulnerability in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is exposed in traceback messages. The issue is documented across multiple sources (IBM Spectrum Fusion HCI bulletin, Debian LTS advisory, and ...

5.5CVSS5.3AI score0.00384EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.153 views

CVE-2018-17958

CVE-2018-17958 affects QEMU, specifically the rtl8139 network device implementation (rtl8139_do_receive in hw/net/rtl8139.c). The root cause is an incorrect integer data type, which leads to a buffer overflow. The description and connected advisories confirm the vulnerability but do not provide a...

7.5CVSS8.4AI score0.06169EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.149 views

CVE-2018-17963

CVE-2018-17963 affects QEMU’s net/iov path. The vulnerability is introduced by qemu_deliver_packet_iov in net/net.c, which accepts packet sizes greater than INT_MAX, enabling a remote attacker to trigger a denial of service (and potentially other unspecified impact) by sending oversized packets. ...

9.8CVSS9.7AI score0.04782EPSS
CVE
CVE
added 2018/04/24 6:0 p.m.133 views

CVE-2018-1059

The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...

6.1CVSS5.8AI score0.00878EPSS
CVE
CVE
added 2019/07/11 6:33 p.m.104 views

CVE-2019-10194

CVE-2019-10194 affects ovirt-engine-metrics in Red Hat Virtualization Manager. The issue is disclosure of sensitive passwords used in deployment and configuration of oVirt Metrics, reported as insufficiently protected so passwords could be exposed in log files or in playbooks stored on Metrics or...

5.9CVSS5.4AI score0.00345EPSS
CVE
CVE
added 2017/05/23 5:0 p.m.92 views

CVE-2017-9214

Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...

9.8CVSS9.3AI score0.02887EPSS