Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Virtualization Host

35 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-10237 2 Google, Redhat 6 Guava, Jboss Enterprise Application Platform, Openstack and 3 more 2019-06-12 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the...
CVE-2018-18559 3 Canonical, Linux, Redhat 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more 2019-05-14 6.8
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for...
CVE-2018-1068 4 Linux, Redhat, Canonical and 1 more 10 Linux Kernel, Virtualization Host, Ubuntu Linux and 7 more 2019-05-14 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2017-1000407 4 Linux, Redhat, Canonical and 1 more 11 Linux Kernel, Linux, Virtualization Host and 8 more 2019-05-14 6.1
The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.
CVE-2018-10875 3 Redhat, Debian, Suse 9 Ansible Engine, Openstack, Virtualization and 6 more 2019-05-10 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory, which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2018-10858 4 Samba, Canonical, Debian and 1 more 8 Samba, Ubuntu Linux, Debian Linux and 5 more 2019-05-10 6.5
A heap-buffer overflow was found in the way samba clients processed an extra-long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9...
CVE-2018-5848 3 Google, Redhat, Debian 6 Android, Virtualization Host, Debian Linux and 3 more 2019-05-02 4.6
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM,...
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2019-04-27 4.0
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized, which can cause file descriptors to be exhausted. This leads to a file handler leak.
CVE-2018-6485 4 Gnu, Redhat, Netapp and 1 more 14 Glibc, Virtualization Host, Enterprise Linux Desktop and 11 more 2019-04-26 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading...
CVE-2018-11237 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 4.6
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-11236 4 Gnu, Redhat, Netapp and 1 more 9 Glibc, Virtualization Host, Enterprise Linux Desktop and 6 more 2019-04-25 7.5
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer...
CVE-2018-18397 3 Linux, Redhat, Canonical 11 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 8 more 2019-04-25 2.1
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that...
CVE-2018-10874 1 Redhat 4 Ansible Engine, Openstack, Virtualization and 1 more 2019-04-23 4.6
In ansible it was found that inventory variables, which are under the attacker's control, are loaded from the current working directory when running an ad-hoc command, allowing arbitrary code to be run as a result.
CVE-2018-10873 4 Spice Project, Redhat, Canonical and 1 more 11 Spice, Virtualization, Virtualization Host and 8 more 2019-04-22 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to...
CVE-2018-1000805 4 Paramiko, Canonical, Debian and 1 more 12 Paramiko, Ubuntu Linux, Debian Linux and 9 more 2019-04-16 6.5
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
CVE-2018-10675 3 Linux, Redhat, Canonical 9 Linux Kernel, Virtualization Host, Ubuntu Linux and 6 more 2019-04-16 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2017-1000410 3 Linux, Redhat, Debian 9 Linux Kernel, Virtualization Host, Debian Linux and 6 more 2019-04-08 5.0
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be...
CVE-2018-10926 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 6.5
A flaw was found in the RPC request using gfs3_mknod_req supported by the glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
CVE-2018-10930 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 4.0
A flaw was found in the RPC request using gfs3_rename_req in the glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10927 2 Debian, Redhat 5 Debian Linux, Enterprise Linux, Enterprise Linux Server and 2 more 2019-03-21 5.5
A flaw was found in the RPC request using gfs3_lookup_req in the glusterfs server. An authenticated attacker could use this flaw to leak information and cause a remote denial of service by crashing the gluster brick process.