Headline
Red Hat Security Advisory 2022-4711-01
Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Advisory ID: RHSA-2022:4711-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4711
Issue date: 2022-05-26
CVE Names: CVE-2021-3807 CVE-2021-23425 CVE-2021-33502
CVE-2021-41182 CVE-2021-41183 CVE-2021-41184
====================================================================
- Summary:
Updated ovirt-engine packages that fix several bugs and add various
enhancements are now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a
centralized management platform that allows system administrators to view
and manage virtual machines. The Manager provides a comprehensive range of
features including search capabilities, resource management, live
migrations, and virtual infrastructure provisioning.
Security Fix(es):
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching
ANSI escape codes (CVE-2021-3807)nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
normalize-url: ReDoS for data URLs (CVE-2021-33502)
jquery-ui: XSS in the altField option of the datepicker widget
(CVE-2021-41182)jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
jquery-ui: XSS in the ‘of’ option of the .position() util
(CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes
book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin
977778 - [RFE] - Mechanism for converting disks for non-running VMS
1624015 - [RFE] Expose Console Options and Console invocation via API
1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM.
1667517 - [RFE] add VM Portal setting for set screen mode
1687845 - Multiple notification for one time host activation
1781241 - missing ?connect automatically? option in vm portal
1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN
1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy
1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold
1922977 - [RFE] VM shared disks are not part of the OVF_STORE
1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager
1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset
1944290 - URL to change the password is not shown properly
1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only)
1956295 - Template import from storage domain fails when quota is enabled.
1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api
1964208 - [RFE] add new feature for VM’s screenshot on RestAPI
1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs
1971622 - Incorrect warning displayed: “The VM CPU does not match the Cluster CPU Type”
1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer
1979441 - High Performance VMs always have “VM CPU does not match the cluster CPU Type” warning
1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs
1980192 - Network statistics copy a U64 into DECIMAL(18,4)
1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as ‘preallocated’
1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled in RHVM installation
1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU
1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup
1990462 - [RFE] Add user name and password to ELK integration
1991240 - Assign user quota when provisioning from a non-blank template via web-ui
1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing
1996123 - ovf stores capacity/truesize on the storage does not match values in engine database
1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab
1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights)
2000031 - SPM host is rebooted multiple times when engine recovers the host
2002283 - Make NumOfPciExpressPorts configurable via engine-config
2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520
2003996 - ovirt_snapshot module fails to delete snapshot when there is a “Next Run configuration snapshot”
2006602 - vm_statistics table has wrong type for guest_mem_* columns.
2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing
2007384 - Failed to parse ‘writeRate’ value xxxx to integer: For input string: xxxx
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
2008798 - Older name rhv-openvswitch is not checked in ansible playbook
2010203 - Log analyzer creates faulty VM unmanaged devices report
2010903 - I/O operations/sec reporting wrong values
2013928 - Log analyzer creates faulty non default vdc_option report
2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM
2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied
2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget
2019148 - CVE-2021-41183 jquery-ui: XSS in *Text options of the datepicker widget
2019153 - CVE-2021-41184 jquery-ui: XSS in the ‘of’ option of the .position() util
2021217 - [RFE] Windows 2022 support
2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages
2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd
2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language.
2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor
2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied
2030663 - Update Network statistics types in DWH
2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification
2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree
2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes.
2037121 - RFE: Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output.
2040361 - Hotplug VirtIO-SCSI disk fails with error “Domain already contains a disk with that address” when IO threads > 1
2040402 - unable to use --log-size=0 option
2040474 - [RFE] Add progress tracking for Cluster Upgrade
2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list.
2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate
2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup
2048546 - sosreport command should be replaced by sos report
2050566 - Upgrade ovirt-log-collector to 4.4.5
2050614 - Upgrade rhvm-setup-plugins to 4.5.0
2051857 - Upgrade rhv-log-collector-analizer to 1.0.13
2052557 - RHV fails to release mdev vGPU device after VM shutdown
2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine
2054756 - [welcome page] Add link to MTV guide
2055136 - virt module is not changed to the correct stream during host upgrade
2056021 - [BUG]: “Enroll Certificate” operation not updating libvirt-vnc cert and key
2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail
2056126 - [RFE] Extend time to warn of upcoming certificate expiration
2058264 - Export as OVA playbook gets stuck with ‘found an incomplete artifacts directory…Possible ansible_runner error?’
2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics
2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide
2061904 - Unable to attach a RHV Host back into cluster after removing due to networking
2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1
2066084 - vmconsole-proxy-user certificate expired - cannot access serial console
2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken
2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table
2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1
2071468 - Engine fenced host that was already reconnected and set to Up status.
2072637 - Build and distribute python38-daemon in RHV channels
2072639 - Build and distribute ansible-runner in RHV channels
2072641 - Build and distribute python38-docutils in RHV channels
2072642 - Build and distribute python38-lockfile in RHV channels
2072645 - Build and distribute python38-pexpect in RHV channels
2072646 - Build and distribute python38-ptyprocess in RHV channels
2075352 - upgrading RHV-H does not renew certificate
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source:
ansible-runner-2.1.3-1.el8ev.src.rpm
apache-sshd-2.8.0-0.1.el8ev.src.rpm
engine-db-query-1.6.4-1.el8ev.src.rpm
ovirt-dependencies-4.5.1-1.el8ev.src.rpm
ovirt-engine-4.5.0.7-0.9.el8ev.src.rpm
ovirt-engine-dwh-4.5.2-1.el8ev.src.rpm
ovirt-engine-metrics-1.6.0-1.el8ev.src.rpm
ovirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm
ovirt-log-collector-4.4.5-1.el8ev.src.rpm
ovirt-web-ui-1.8.1-2.el8ev.src.rpm
rhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm
rhvm-branding-rhv-4.4.11-1.el8ev.src.rpm
rhvm-setup-plugins-4.5.0-2.el8ev.src.rpm
vdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm
noarch:
ansible-runner-2.1.3-1.el8ev.noarch.rpm
apache-sshd-2.8.0-0.1.el8ev.noarch.rpm
apache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm
engine-db-query-1.6.4-1.el8ev.noarch.rpm
ovirt-dependencies-4.5.1-1.el8ev.noarch.rpm
ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm
ovirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm
ovirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm
ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm
ovirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm
ovirt-log-collector-4.4.5-1.el8ev.noarch.rpm
ovirt-web-ui-1.8.1-2.el8ev.noarch.rpm
python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm
python38-ansible-runner-2.1.3-1.el8ev.noarch.rpm
python38-docutils-0.14-12.4.el8ev.noarch.rpm
rhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm
rhvm-4.5.0.7-0.9.el8ev.noarch.rpm
rhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm
rhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm
vdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm
vdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3807
https://access.redhat.com/security/cve/CVE-2021-23425
https://access.redhat.com/security/cve/CVE-2021-33502
https://access.redhat.com/security/cve/CVE-2021-41182
https://access.redhat.com/security/cve/CVE-2021-41183
https://access.redhat.com/security/cve/CVE-2021-41184
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5
C9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC
/VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8
Jg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n
Q3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv
XZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a
eT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+
530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN
BAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E
qLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML
CtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF
cada2etYwu0=nreb
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
OX App Suite frontend version 7.10.6-rev42 suffers from cross site scripting vulnerabilities. OX App Suite backend versions 7.10.6-rev61 and 8.22 suffer from a denial of service vulnerability.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Ubuntu Security Notice 6419-1 - Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.
Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7020: elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure * CVE-2020-9484: tomcat: deserialization flaw in session persistence storage leading to RCE * CVE-2020-15250: ju...
Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.