Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-41182 8 Debian, Drupal, Fedoraproject and 5 more 38 Debian Linux, Drupal, Fedora and 35 more 2024-11-21 6.5 Medium
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2021-3807 3 Ansi-regex Project, Oracle, Redhat 10 Ansi-regex, Communications Cloud Native Core Policy, Acm and 7 more 2024-11-21 7.5 High
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3620 1 Redhat 12 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Engine and 9 more 2024-11-21 5.5 Medium
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3447 2 Fedoraproject, Redhat 7 Fedora, Ansible, Ansible Automation Platform and 4 more 2024-11-21 5.5 Medium
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
CVE-2021-36090 4 Apache, Netapp, Oracle and 1 more 36 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 33 more 2024-11-21 7.5 High
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
CVE-2021-35517 4 Apache, Netapp, Oracle and 1 more 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more 2024-11-21 7.5 High
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVE-2021-35516 4 Apache, Netapp, Oracle and 1 more 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35515 4 Apache, Netapp, Oracle and 1 more 28 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 25 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-33623 4 Debian, Netapp, Redhat and 1 more 5 Debian Linux, E-series Performance Analyzer, Acm and 2 more 2024-11-21 7.5 High
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
CVE-2021-33502 2 Normalize-url Project, Redhat 6 Normalize-url, Acm, Enterprise Linux and 3 more 2024-11-21 7.5 High
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
CVE-2021-30483 2 Isomorphic-git, Redhat 3 Isomorphic-git, Rhev Hypervisor, Rhev Manager 2024-11-21 5.3 Medium
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
CVE-2021-23425 2 Redhat, Trim-off-newlines Project 2 Rhev Manager, Trim-off-newlines 2024-11-21 5.3 Medium
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
CVE-2021-23358 5 Debian, Fedoraproject, Redhat and 2 more 6 Debian Linux, Fedora, Acm and 3 more 2024-11-21 3.3 Low
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
CVE-2021-23343 2 Path-parse Project, Redhat 7 Path-parse, Acm, Advanced Cluster Security and 4 more 2024-11-21 5.3 Medium
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
CVE-2021-23337 5 Lodash, Netapp, Oracle and 2 more 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more 2024-11-21 7.2 High
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2021-22096 4 Netapp, Oracle, Redhat and 1 more 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more 2024-11-21 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVE-2021-20228 2 Debian, Redhat 6 Debian Linux, Ansible Automation Platform, Ansible Engine and 3 more 2024-11-21 7.5 High
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20191 2 Oracle, Redhat 12 Virtualization, Ansible, Ansible Automation Platform and 9 more 2024-11-21 5.5 Medium
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
CVE-2021-20180 1 Redhat 5 Ansible, Ansible Automation Platform, Ansible Engine and 2 more 2024-11-21 5.5 Medium
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20178 2 Fedoraproject, Redhat 7 Fedora, Ansible, Ansible Automation Platform and 4 more 2024-11-21 5.5 Medium
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.