Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Virtualization

50 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1000805 4 Paramiko, Canonical, Debian and 1 more 12 Paramiko, Ubuntu Linux, Debian Linux and 9 more 2019-04-16 6.5
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-04-09 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2018-18445 3 Canonical, Linux, Redhat 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more 2019-04-09 7.2
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles...
CVE-2018-7550 4 Qemu, Redhat, Canonical and 1 more 10 Qemu, Virtualization, Ubuntu Linux and 7 more 2019-03-25 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read...
CVE-2018-1000808 2 Canonical, Redhat 7 Ubuntu Linux, Gluster Storage, Openstack and 4 more 2019-03-21 4.3
Python Cryptographic Authority pyopenssl versions before 17.5.0 contain a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is...
CVE-2018-10926 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 6.5
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
CVE-2018-10930 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10927 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10929 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 6.5
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVE-2018-17972 4 Canonical, Linux, Redhat and 1 more 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more 2019-03-18 4.9
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack...
CVE-2018-9568 3 Google, Canonical, Redhat 9 Android, Ubuntu Linux, Enterprise Linux Desktop and 6 more 2019-03-15 7.2
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2018-16865 4 Freedesktop, Canonical, Debian and 1 more 10 Systemd, Ubuntu Linux, Debian Linux and 7 more 2019-03-12 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...
CVE-2018-16864 4 Freedesktop, Canonical, Debian and 1 more 10 Systemd, Ubuntu Linux, Debian Linux and 7 more 2019-03-12 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to...
CVE-2018-5390 7 Cisco, F5, Redhat and 4 more 36 Collaboration Meeting Rooms, Digital Network Architecture Center, Expressway and 33 more 2019-03-11 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2019-3813 4 Spice Project, Canonical, Debian and 1 more 10 Spice, Ubuntu Linux, Debian Linux and 7 more 2019-03-08 5.4
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
CVE-2018-5344 3 Linux, Redhat, Canonical 6 Linux Kernel, Virtualization, Ubuntu Linux and 3 more 2019-03-08 4.6
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVE-2018-18397 3 Linux, Redhat, Canonical 10 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 7 more 2019-03-07 2.1
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that...
CVE-2018-17204 2 Redhat, Canonical 3 Openstack, Virtualization, Ubuntu Linux 2019-03-07 4.0
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded....
CVE-2018-17205 2 Redhat, Canonical 3 Openstack, Virtualization, Ubuntu Linux 2019-03-07 5.0
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the...
CVE-2018-17206 2 Redhat, Canonical 3 Openstack, Virtualization, Ubuntu Linux 2019-03-06 4.0
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.