Vulnerabilities > Redhat > Virtualization Host
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |
| 2019-06-19 | CVE-2019-11479 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. | 7.5 |
| 2019-06-12 | CVE-2019-3888 | Information Exposure Through Log Files vulnerability in multiple products A vulnerability was found in Undertow web server before 2.0.21. | 5.0 |
| 2019-04-11 | CVE-2019-3460 | Improper Input Validation vulnerability in multiple products A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 6.5 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
| 2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 2.1 |
| 2018-11-01 | CVE-2018-14660 | Resource Exhaustion vulnerability in multiple products A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. | 6.5 |
| 2018-10-31 | CVE-2018-14661 | Improper Input Validation vulnerability in multiple products It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. | 6.5 |
| 2018-10-31 | CVE-2018-14659 | Resource Exhaustion vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. | 6.5 |