Redhat

Virtualization Manager

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-3620

  • EPSS 0.2%
  • Veröffentlicht 03.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:00

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

6.5

CVE-2019-11135

  • EPSS 0.24%
  • Veröffentlicht 14.11.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:20:35

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

9.1

CVE-2019-10744

Exploit
  • EPSS 3.41%
  • Veröffentlicht 26.07.2019 00:15:11
  • Zuletzt bearbeitet 21.11.2024 04:19:50

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

5.5

CVE-2019-10194

  • EPSS 0.08%
  • Veröffentlicht 11.07.2019 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:37

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion ...

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Veröffentlicht 20.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

6.1

CVE-2019-8331

  • EPSS 2.29%
  • Veröffentlicht 20.02.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:49:42

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

7.5

CVE-2018-16881

  • EPSS 2.77%
  • Veröffentlicht 25.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:31

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

9.8

CVE-2018-17963

  • EPSS 2.08%
  • Veröffentlicht 09.10.2018 22:29:01
  • Zuletzt bearbeitet 21.11.2024 03:55:17

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

7.5

CVE-2018-17958

  • EPSS 1.21%
  • Veröffentlicht 09.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:16

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

9.8

CVE-2017-7481

  • EPSS 3.69%
  • Veröffentlicht 19.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:31:59

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting ...