Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Virtualization Host Subscribe

Filter

39 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1120 4 Redhat, Debian, Linux and 1 more 9 Enterprise Mrg, Debian Linux, Linux Kernel and 6 more 2019-10-09 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as...
CVE-2018-1118 4 Linux, Redhat, Canonical and 1 more 7 Linux Kernel, Virtualization Host, Ubuntu Linux and 4 more 2019-10-09 2.1
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some...
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2019-10-09 4.0
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-10873 4 Spice Project, Redhat, Canonical and 1 more 11 Spice, Virtualization, Virtualization Host and 8 more 2019-10-09 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to...
CVE-2018-1000805 4 Paramiko, Canonical, Debian and 1 more 12 Paramiko, Ubuntu Linux, Debian Linux and 9 more 2019-10-03 6.5
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
CVE-2018-1088 1 Redhat 4 Gluster Storage, Virtualization, Virtualization Host and 1 more 2019-10-03 6.8
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVE-2018-10927 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10930 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-18397 3 Linux, Redhat, Canonical 11 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 8 more 2019-10-03 2.1
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that...
CVE-2018-1000001 3 Gnu, Redhat, Canonical 9 Glibc, Virtualization Host, Ubuntu Linux and 6 more 2019-10-03 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018-14660 2 Redhat, Gluster 5 Gluster Storage, Virtualization Host, Enterprise Linux Server and 2 more 2019-10-03 4.0
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr...
CVE-2018-5968 3 Fasterxml, Redhat, Debian 4 Jackson-databind, Virtualization, Virtualization Host and 1 more 2019-09-27 5.1
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different...
CVE-2017-7525 3 Fasterxml, Debian, Redhat 6 Jackson-databind, Debian Linux, Jackson and 3 more 2019-09-27 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the...
CVE-2019-1125 2 Redhat, Microsoft 15 Virtualization Host, Windows 10, Windows 7 and 12 more 2019-09-10 2.1
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
CVE-2018-10875 3 Redhat, Debian, Suse 9 Ansible Engine, Openstack, Virtualization and 6 more 2019-07-25 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2018-10874 1 Redhat 4 Ansible Engine, Openstack, Virtualization and 1 more 2019-07-25 4.6
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
CVE-2018-10858 4 Samba, Canonical, Debian and 1 more 8 Samba, Ubuntu Linux, Debian Linux and 5 more 2019-06-26 6.5
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9...
CVE-2018-10237 2 Google, Redhat 6 Guava, Jboss Enterprise Application Platform, Openstack and 3 more 2019-06-12 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the...
CVE-2018-18559 3 Canonical, Linux, Redhat 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more 2019-05-14 6.8
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for...
CVE-2018-1068 4 Linux, Redhat, Canonical and 1 more 10 Linux Kernel, Virtualization Host, Ubuntu Linux and 7 more 2019-05-14 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.