Virtualization Manager Security Vulnerabilities and Issues — Virtualization Manager CVE List

Lucene search

RedhatVirtualization Manager

6 matches found

CVE•added 2019/04/20 12:29 a.m.•2195 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.01768EPSS

CVE•added 2019/02/20 4:29 p.m.•1350 views

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

6.1CVSS5.8AI score0.02292EPSS

CVE•added 2019/07/26 12:15 a.m.•523 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

9.1CVSS8.9AI score0.0341EPSS

CVE•added 2019/11/14 7:15 p.m.•522 views

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

6.5CVSS6.4AI score0.00394EPSS

CVE•added 2019/01/25 6:29 p.m.•302 views

CVE-2018-16881

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

7.5CVSS7.1AI score0.00436EPSS

CVE•added 2019/07/11 7:15 p.m.•83 views

CVE-2019-10194

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

5.9CVSS5.4AI score0.00082EPSS