Vulnerabilities > Redhat > Virtualization Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-3620 Unspecified vulnerability in Redhat products
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message.
local
low complexity
redhat
5.5
2019-11-14 CVE-2019-11135 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 6.5
2019-07-11 CVE-2019-10194 Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions.
local
low complexity
ovirt redhat
5.5
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-02-20 CVE-2019-8331 Cross-site Scripting vulnerability in multiple products
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
network
low complexity
getbootstrap f5 redhat tenable CWE-79
6.1
2018-05-22 CVE-2018-3639 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
5.5
2018-04-24 CVE-2018-1059 Information Exposure vulnerability in multiple products
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations.
high complexity
canonical redhat dpdk CWE-200
6.1