Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Virtualization Host

30 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2019-10-09 4.0
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized, which can cause file descriptors to be exhausted. This leads to a file handler leak.
CVE-2018-10873 4 Spice Project, Redhat, Canonical and 1 more 11 Spice, Virtualization, Virtualization Host and 8 more 2019-10-09 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to...
CVE-2018-14660 2 Redhat, Gluster 5 Gluster Storage, Virtualization Host, Enterprise Linux Server and 2 more 2019-10-03 4.0
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr...
CVE-2018-1000001 3 Gnu, Redhat, Canonical 9 Glibc, Virtualization Host, Ubuntu Linux and 6 more 2019-10-03 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018-1088 1 Redhat 4 Gluster Storage, Virtualization, Virtualization Host and 1 more 2019-10-03 6.8
A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.
CVE-2018-10927 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing the gluster brick process.
CVE-2018-10930 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-1000805 4 Paramiko, Canonical, Debian and 1 more 12 Paramiko, Ubuntu Linux, Debian Linux and 9 more 2019-10-03 6.5
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
CVE-2018-5968 3 Fasterxml, Redhat, Debian 4 Jackson-databind, Virtualization, Virtualization Host and 1 more 2019-09-27 5.1
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different...
CVE-2018-10874 1 Redhat 4 Ansible Engine, Openstack, Virtualization and 1 more 2019-07-25 4.6
In ansible it was found that inventory variables under an attacker's control are loaded from the current working directory when running an ad-hoc command, allowing arbitrary code to be run as a result.
CVE-2018-10858 4 Samba, Canonical, Debian and 1 more 8 Samba, Ubuntu Linux, Debian Linux and 5 more 2019-06-26 6.5
A heap-buffer overflow was found in the way samba clients processed an extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9...
CVE-2018-10237 2 Google, Redhat 6 Guava, Jboss Enterprise Application Platform, Openstack and 3 more 2019-06-12 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the...
CVE-2018-18559 3 Canonical, Linux, Redhat 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more 2019-05-14 6.8
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for...
CVE-2018-1068 4 Linux, Redhat, Canonical and 1 more 10 Linux Kernel, Virtualization Host, Ubuntu Linux and 7 more 2019-05-14 7.2
A flaw was found in the Linux 4.x kernel's implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2017-1000407 4 Linux, Redhat, Canonical and 1 more 11 Linux Kernel, Linux, Virtualization Host and 8 more 2019-05-14 6.1
The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.
CVE-2018-5848 3 Google, Redhat, Debian 6 Android, Virtualization Host, Debian Linux and 3 more 2019-05-02 4.6
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM,...
CVE-2018-11237 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 4.6
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-10675 3 Linux, Redhat, Canonical 9 Linux Kernel, Virtualization Host, Ubuntu Linux and 6 more 2019-04-16 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2017-1000410 3 Linux, Redhat, Debian 9 Linux Kernel, Virtualization Host, Debian Linux and 6 more 2019-04-08 5.0
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be...
CVE-2018-10926 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 6.5
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.