Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8608 4 Debian, Libslirp Project, Opensuse and 1 more 11 Debian Linux, Libslirp, Leap and 8 more 2024-11-21 5.6 Medium
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-11-21 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-7733 3 Oracle, Redhat, Ua-parser-js Project 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js 2024-11-21 7.5 High
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVE-2020-7598 3 Opensuse, Redhat, Substack 9 Leap, Enterprise Linux, Openshift and 6 more 2024-11-21 5.6 Medium
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
CVE-2020-7039 5 Debian, Libslirp Project, Opensuse and 2 more 12 Debian Linux, Libslirp, Leap and 9 more 2024-11-21 5.6 Medium
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2020-35497 2 Ovirt, Redhat 3 Ovirt-engine, Rhev Manager, Virtualization 2024-11-21 6.5 Medium
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
CVE-2020-29443 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Advanced Virtualization and 2 more 2024-11-21 3.9 Low
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-28500 4 Lodash, Oracle, Redhat and 1 more 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more 2024-11-21 5.3 Medium
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-28477 2 Immer Project, Redhat 2 Immer, Rhev Manager 2024-11-21 7.5 High
This affects all versions of package immer.
CVE-2020-28469 3 Gulpjs, Oracle, Redhat 8 Glob-parent, Communications Cloud Native Core Policy, Acm and 5 more 2024-11-21 5.3 Medium
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVE-2020-28458 2 Datatables, Redhat 3 Datatables.net, Rhev Hypervisor, Rhev Manager 2024-11-21 7.3 High
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CVE-2020-25657 3 Fedoraproject, M2crypto Project, Redhat 5 Fedora, M2crypto, Enterprise Linux and 2 more 2024-11-21 5.9 Medium
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
CVE-2020-25649 7 Apache, Fasterxml, Fedoraproject and 4 more 50 Iotdb, Jackson-databind, Fedora and 47 more 2024-11-21 7.5 High
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-1983 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 7.5 High
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2020-1720 2 Postgresql, Redhat 8 Postgresql, Decision Manager, Enterprise Linux and 5 more 2024-11-21 3.1 Low
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-1711 4 Debian, Opensuse, Qemu and 1 more 9 Debian Linux, Leap, Qemu and 6 more 2024-11-21 7.7 High
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVE-2020-16092 5 Canonical, Debian, Opensuse and 2 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2024-11-21 3.8 Low
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
CVE-2020-14364 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 5.0 Medium
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
CVE-2020-14333 2 Ovirt, Redhat 2 Ovirt-engine, Rhev Manager 2024-11-21 6.3 Medium
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context.
CVE-2020-11023 8 Debian, Drupal, Fedoraproject and 5 more 65 Debian Linux, Drupal, Fedora and 62 more 2024-11-21 6.9 Medium
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.