Filtered by vendor Redhat Subscriptions
Filtered by product Virtualization Subscriptions
Total 128 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-7750 3 Debian, Paramiko, Redhat 18 Debian Linux, Paramiko, Ansible Engine and 15 more 2024-11-21 9.8 Critical
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-6764 3 Canonical, Debian, Redhat 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2024-11-21 N/A
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
CVE-2018-5968 4 Debian, Fasterxml, Netapp and 1 more 12 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 9 more 2024-11-21 8.1 High
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVE-2018-5390 8 A10networks, Canonical, Cisco and 5 more 47 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 44 more 2024-11-21 7.5 High
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-5344 3 Canonical, Linux, Redhat 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more 2024-11-21 N/A
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more 2024-11-21 5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-1114 1 Redhat 7 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Fuse and 4 more 2024-11-21 N/A
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-1088 3 Debian, Opensuse, Redhat 8 Debian Linux, Leap, Enterprise Linux and 5 more 2024-11-21 8.1 High
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVE-2018-1073 2 Ovirt, Redhat 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more 2024-11-21 5.3 Medium
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 11 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 8 more 2024-11-21 N/A
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 9.8 Critical
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17958 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 7.5 High
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-16881 3 Debian, Redhat, Rsyslog 14 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 11 more 2024-11-21 7.5 High
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-14661 3 Debian, Gluster, Redhat 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more 2024-11-21 6.5 Medium
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
CVE-2018-14660 3 Debian, Gluster, Redhat 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more 2024-11-21 6.5 Medium
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVE-2018-14659 2 Debian, Redhat 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more 2024-11-21 6.5 Medium
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
CVE-2018-14654 2 Debian, Redhat 8 Debian Linux, Enterprise Linux, Enterprise Linux Server and 5 more 2024-11-21 6.5 Medium
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
CVE-2018-13405 6 Canonical, Debian, F5 and 3 more 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more 2024-11-21 7.8 High
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVE-2018-11806 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2024-11-21 8.2 High
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-10930 4 Debian, Gluster, Opensuse and 1 more 8 Debian Linux, Glusterfs, Leap and 5 more 2024-11-21 6.5 Medium
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.