Vulnerabilities > Redhat > Virtualization Host

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.1
2022-02-16 CVE-2021-3560 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
7.8
2022-02-16 CVE-2021-3752 Race Condition vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition.
7.1
2022-01-20 CVE-2021-45417 Out-of-bounds Write vulnerability in multiple products
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
7.8
2021-12-23 CVE-2021-3621 OS Command Injection vulnerability in multiple products
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.
network
low complexity
fedoraproject redhat CWE-78
8.8
2021-05-06 CVE-2021-3501 A flaw was found in the Linux kernel in versions before 5.12.
local
low complexity
linux redhat fedoraproject netapp
7.1
2020-05-22 CVE-2020-10711 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.
network
high complexity
linux redhat debian opensuse canonical CWE-476
5.9
2019-09-19 CVE-2019-14821 An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. 8.8
2019-09-17 CVE-2019-14835 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. 7.8
2019-07-30 CVE-2019-10161 Missing Authorization vulnerability in multiple products
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process.
local
low complexity
redhat canonical CWE-862
7.8