Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:3247
HistoryAug 04, 2020 - 12:44 p.m.

(RHSA-2020:3247) Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update

2020-08-0412:44:40
access.redhat.com
369

0.061 Low

EPSS

Percentile

93.6%

JSON

The ovirt-engine package provides the Red Hat Virtualization Manager, a
centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

A list of bugs fixed in this update is available in the Technical Notes
book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):

  • apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)

  • libquartz: XXE attacks via job description (CVE-2019-13990)

  • novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)

  • bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  • nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)

  • ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)

  • nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)

  • ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)

  • Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  • jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarched25519-java< 0.3.0-1.el8eved25519-java-0.3.0-1.el8ev.noarch.rpm
RedHat8noarchovirt-engine-extension-aaa-ldap-setup< 1.4.0-1.el8evovirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm
RedHat8noarchovirt-log-collector< 4.4.2-1.el8evovirt-log-collector-4.4.2-1.el8ev.noarch.rpm
RedHat8noarchopenstack-java-swift-client< 3.2.9-1.el8evopenstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm
RedHat8noarchxmlrpc-client< 3.1.3-1.el8evxmlrpc-client-3.1.3-1.el8ev.noarch.rpm
RedHat8noarchopenstack-java-quantum-client< 3.2.9-1.el8evopenstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm
RedHat8noarchapache-commons-compress-javadoc< 1.18-1.el8evapache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm
RedHat8noarchpython3-six< 1.12.0-1.el8ostpython3-six-1.12.0-1.el8ost.noarch.rpm
RedHat8noarchapache-commons-collections4< 4.4-1.el8evapache-commons-collections4-4.4-1.el8ev.noarch.rpm
RedHat8noarchopenstack-java-glance-client< 3.2.9-1.el8evopenstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm
Rows per page:
1-10 of 1171

Related

redhat 6
nessus 36
openvas 22
checkpoint_advisories 1
ibm 33
osv 14
suse 3
attackerkb 2
hp 2
githubexploit 1
fedora 6
atlassian 6
joomla 1
debian 4
oraclelinux 1
drupal 1
gentoo 1
typo3 2
nvd 5
cvelist 6
veracode 6
altlinux 1
cve 5
prion 7
symantec 1
redhatcve 6
github 6
nodejs 1
ubuntu 1
ubuntucve 3
mageia 2
debiancve 3
freebsd 1
rosalinux 1
f5 1
gitlab 1
redhat
redhat
(RHSA-2020:1308) Low: Red Hat Virtualization Engine security, bug fix 4.3.9
2020-04-02 15:56:27
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
(RHSA-2020:0498) Moderate: Red Hat Virtualization Engine security, bug fix and enhancement update
2020-02-13 14:28:15
nessus
nessus
RHEL 7 : Red Hat Virtualization Engine security, 4.3.9 (Low) (RHSA-2020:1308)
2020-04-02 00:00:00
Oracle Enterprise Manager Ops Center (Oct 2020 CPU)
2021-08-24 00:00:00
Oracle WebCenter Sites (Jan 2021 CPU)
2021-01-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2608-1)
2021-03-26 00:00:00
Discourse < 2.5.0.beta5 Multiple Vulnerabilities
2020-05-28 00:00:00
Drupal 7.x, 8.x jQuery XSS Vulnerabilities (SA-CORE-2020-002) - Linux
2020-06-19 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
ibm
ibm
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022)
2021-02-10 17:05:43
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022)
2020-12-03 09:51:39
Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022
2020-09-11 06:37:01
osv
osv
jquery - security update
2021-03-25 00:00:00
CVE-2019-19336
2020-03-19 14:15:11
drupal7 - security update
2020-05-26 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
hp
hp
Certain HP Printers and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32
2020-07-23 01:06:59
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
debian
debian
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
[SECURITY] [DLA 1946-1] novnc security update
2019-10-05 14:40:50
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
2019-05-07 00:00:00
nvd
nvd
CVE-2019-19336
2020-03-19 14:15:11
CVE-2017-18635
2019-09-25 23:15:09
CVE-2020-10775
2020-08-24 17:15:10
cvelist
cvelist
CVE-2019-19336
2020-03-19 13:11:16
CVE-2017-18635
2019-09-25 22:59:16
CVE-2020-10775
2020-08-24 16:13:00
veracode
veracode
Cross-site Scripting (XSS)
2020-02-14 00:29:59
Cross-Site Scripting (XSS)
2019-10-01 02:34:40
Open Redirects
2020-08-05 02:15:18
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
cve
cve
CVE-2017-18635
2019-09-25 23:15:09
CVE-2019-19336
2020-03-19 14:15:11
CVE-2020-10775
2020-08-24 17:15:10
prion
prion
Cross site scripting
2020-03-19 14:15:00
Cross site scripting
2019-09-25 23:15:00
Open redirect
2020-08-24 17:15:00
symantec
symantec
oVirt Engine CVE-2019-19336 Cross Site Scripting Vulnerability
2020-01-11 00:00:00
redhatcve
redhatcve
CVE-2019-19336
2020-01-13 07:09:00
CVE-2017-18635
2019-10-25 16:51:02
CVE-2019-13990
2020-02-10 11:44:18
github
github
Cross-Site Scripting in @novnc/novnc
2020-08-28 21:24:59
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
2019-10-16 18:31:17
Persistent Cross-site Scripting vulnerability in PrivateBin
2022-04-12 20:45:22
nodejs
nodejs
Cross-Site Scripting
2019-10-04 18:51:29
ubuntu
ubuntu
noVNC vulnerability
2020-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2017-18635
2019-09-25 00:00:00
CVE-2019-13990
2019-07-26 00:00:00
CVE-2019-8331
2019-02-20 00:00:00
mageia
mageia
Updated novnc package fixes a security vulnerability
2020-09-27 23:06:37
Updated quartz packages fix a security vulnerability
2021-03-15 00:20:42
debiancve
debiancve
CVE-2017-18635
2019-09-25 23:15:09
CVE-2019-13990
2019-07-26 19:15:11
CVE-2019-8331
2019-02-20 16:29:00
freebsd
freebsd
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2272
2023-10-22 06:16:50
f5
f5
K24383845 : Bootstrap vulnerability CVE-2019-8331
2019-04-10 00:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-02-20 00:00:00

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for RHSA-2020:3247
redhat6nessus36openvas22checkpoint_advisories1ibm33osv14suse3attackerkb2hp2githubexploit1fedora6atlassian6joomla1debian4oraclelinux1drupal1gentoo1typo32nvd5cvelist6veracode6altlinux1cve5prion7symantec1redhatcve6github6nodejs1ubuntu1ubuntucve3mageia2debiancve3freebsd1rosalinux1f51gitlab1