Vulnerabilities > Redhat > Virtualization Host

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10914 NULL Pointer Dereference vulnerability in multiple products
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service.
network
low complexity
gluster redhat debian opensuse CWE-476
4.0
2018-09-04 CVE-2018-10913 Information Exposure Through an Error Message vulnerability in multiple products
An information disclosure vulnerability was discovered in glusterfs server.
network
low complexity
gluster redhat debian opensuse CWE-209
4.0
2018-09-04 CVE-2018-10911 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster redhat debian opensuse CWE-502
5.0
2018-09-04 CVE-2018-10907 Stack-based Buffer Overflow vulnerability in multiple products
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster redhat debian opensuse CWE-121
6.5
2018-09-04 CVE-2018-10904 Untrusted Search Path vulnerability in multiple products
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse CWE-426
6.5
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
6.5
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
6.5
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
4.6
2018-07-02 CVE-2018-10874 Untrusted Search Path vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat CWE-426
7.8
2018-06-20 CVE-2018-1120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
A flaw was found affecting the Linux kernel before version 4.17.
3.5