Virtualization Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-03	CVE-2021-3620	Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. local low complexity redhat CWE-209	5.5
2019-11-14	CVE-2019-11135	TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. local low complexity opensuse fedoraproject slackware hp intel canonical debian redhat oracle	6.5
2019-07-26	CVE-2019-10744	Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. network low complexity lodash netapp redhat oracle f5 critical	9.1
2019-07-11	CVE-2019-10194	Information Exposure Through Log Files vulnerability in multiple products Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. local low complexity ovirt redhat CWE-532	5.5
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1
2019-01-25	CVE-2018-16881	Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. network low complexity rsyslog redhat debian CWE-190	7.5
2018-10-09	CVE-2018-17963	Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. network low complexity qemu debian canonical redhat CWE-190	7.5
2018-10-09	CVE-2018-17958	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. network low complexity qemu canonical debian redhat CWE-190	5.0
2018-07-19	CVE-2017-7481	Improper Input Validation vulnerability in multiple products Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. network low complexity redhat canonical debian CWE-20	7.5