Red Hat Virtualization Manager
By the Year
In 2022 there have been 1 vulnerability in Red Hat Virtualization Manager with an average score of 5.5 out of ten. Virtualization Manager did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 1 | 5.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 4 | 7.20 |
| 2018 | 5 | 7.74 |
It may take a day or so for new Virtualization Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Virtualization Manager Security Vulnerabilities
A flaw was found in Ansible Engine's ansible-connection module
CVE-2021-3620
5.5 - Medium
- March 03, 2022
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Generation of Error Message Containing Sensitive Information
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution
CVE-2019-10744
9.1 - Critical
- July 26, 2019
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {},
CVE-2019-11358
6.1 - Medium
- April 20, 2019
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Prototype Pollution
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1
CVE-2019-8331
6.1 - Medium
- February 20, 2019
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
XSS
A denial of service vulnerability was found in rsyslog in the imptcp module
CVE-2018-16881
7.5 - High
- January 25, 2019
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Integer Overflow or Wraparound
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
CVE-2018-17958
7.5 - High
- October 09, 2018
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
Integer Overflow or Wraparound
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which
CVE-2018-17963
9.8 - Critical
- October 09, 2018
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Integer Overflow or Wraparound
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe
CVE-2017-7481
9.8 - Critical
- July 19, 2018
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Improper Input Validation
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may
CVE-2018-3639
5.5 - Medium
- May 22, 2018
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Side Channel Attack
The DPDK vhost-user interface does not check to verify
CVE-2018-1059
6.1 - Medium
- April 24, 2018
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Information Disclosure
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read
CVE-2017-9214
9.8 - Critical
- May 23, 2017
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Integer underflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Red Hat? Click the Watch button to subscribe.
