Latest Red Hat Virtualization Manager Vulnerabilities

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...
redhat/ansible<0:2.9.27-1.el8a
redhat/ansible-core<0:2.11.6-1.el8a
redhat/ansible<0:2.9.27-1.el7ae
redhat/ansible<0:2.9.27-1.el8ae
redhat/ovirt-ansible-collection<0:1.6.5-1.el8e
=2.0
and 20 more
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
redhat/kernel<0:2.6.32-754.24.2.el6
redhat/kernel<0:2.6.32-431.96.3.el6
redhat/kernel<0:2.6.32-504.81.3.el6
redhat/kernel-rt<0:3.10.0-1062.4.2.rt56.1028.el7
redhat/kernel<0:3.10.0-1062.4.2.el7
redhat/qemu-kvm<10:1.5.3-167.el7_7.4
and 704 more
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON...
redhat/jaeger<0:v1.13.1.redhat7-1.el7
redhat/kiali<0:v1.0.11.redhat1-1.el7
redhat/servicemesh-grafana<0:6.2.2-36.el8
redhat/ovirt-web-ui<0:1.6.0-1.el7e
redhat/lodash<4.17.12
npm/lodash.defaultsdeep<4.6.1
and 84 more
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with...
Ovirt Ovirt
Redhat Virtualization Manager=4.3
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...
redhat/ansible-tower<0:3.5.2-1.el7a
redhat/cfme<0:5.10.9.1-1.el7cf
redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf
redhat/cfme-appliance<0:5.10.9.1-1.el7cf
redhat/cfme-gemset<0:5.10.9.1-1.el7cf
redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e
and 267 more
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when to...
rubygems/twitter-bootstrap-rails<=5.0.0
npm/bootstrap-sass>=3.0.0<3.4.1
npm/bootstrap>=3.0.0<3.4.1
npm/bootstrap>=4.0.0<4.3.1
nuget/bootstrap.sass<4.3.1
nuget/bootstrap>=3.0.0<3.4.1
and 67 more
QEMU has a buffer overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
redhat/qemu-kvm-rhev<10:2.12.0-33.el7
QEMU qemu<=3.0.1
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
and 17 more
A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with a large size value. Such overflow could lead to ...
redhat/qemu-kvm-ma<10:2.12.0-33.el7
redhat/qemu-kvm-rhev<10:2.12.0-33.el7
debian/qemu<=1:2.12+dfsg-3<=1:2.8+dfsg-6
QEMU qemu<=3.0.0
QEMU qemu=3.1.0-rc0
QEMU qemu=3.1.0-rc1
and 23 more

© 2024 SecAlerts Pty Ltd.