CVE-2021-3620
- EPSS 0.2%
- Published 03.03.2022 19:15:08
- Last modified 21.11.2024 06:22:00
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
CVE-2019-11135
- EPSS 0.24%
- Published 14.11.2019 19:15:13
- Last modified 21.11.2024 04:20:35
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-10744
- EPSS 3.41%
- Published 26.07.2019 00:15:11
- Last modified 21.11.2024 04:19:50
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10194
- EPSS 0.08%
- Published 11.07.2019 19:15:12
- Last modified 21.11.2024 04:18:37
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion ...
CVE-2019-11358
- EPSS 2.4%
- Published 20.04.2019 00:29:00
- Last modified 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2019-8331
- EPSS 2.29%
- Published 20.02.2019 16:29:00
- Last modified 21.11.2024 04:49:42
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2018-16881
- EPSS 2.77%
- Published 25.01.2019 18:29:00
- Last modified 21.11.2024 03:53:31
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-17963
- EPSS 2.08%
- Published 09.10.2018 22:29:01
- Last modified 21.11.2024 03:55:17
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17958
- EPSS 1.21%
- Published 09.10.2018 22:29:00
- Last modified 21.11.2024 03:55:16
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2017-7481
- EPSS 3.69%
- Published 19.07.2018 13:29:00
- Last modified 21.11.2024 03:31:59
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting ...