Virtualization Host

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-04	CVE-2018-10914	NULL Pointer Dereference vulnerability in multiple products It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. network low complexity gluster redhat debian opensuse CWE-476	4.0
2018-09-04	CVE-2018-10913	Information Exposure Through an Error Message vulnerability in multiple products An information disclosure vulnerability was discovered in glusterfs server. network low complexity gluster redhat debian opensuse CWE-209	4.0
2018-09-04	CVE-2018-10911	Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. network low complexity gluster redhat debian opensuse CWE-502	5.0
2018-09-04	CVE-2018-10907	Stack-based Buffer Overflow vulnerability in multiple products It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. network low complexity gluster redhat debian opensuse CWE-121	6.5
2018-09-04	CVE-2018-10904	Untrusted Search Path vulnerability in multiple products It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. network low complexity gluster redhat debian opensuse CWE-426	6.5
2018-08-22	CVE-2018-10858	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. network low complexity debian canonical samba redhat CWE-119	6.5
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	6.5
2018-07-13	CVE-2018-10875	Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. local low complexity redhat debian suse canonical CWE-426	4.6
2018-07-02	CVE-2018-10874	Untrusted Search Path vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. local low complexity redhat CWE-426	7.8
2018-06-20	CVE-2018-1120	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel A flaw was found affecting the Linux kernel before version 4.17. network linux redhat debian canonical CWE-119	3.5