Vulnerabilities > Redhat > Virtualization Host > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2018-11-01 | CVE-2018-14660 | Resource Exhaustion vulnerability in multiple products A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. | 6.5 |
| 2018-10-31 | CVE-2018-14661 | Improper Input Validation vulnerability in multiple products It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. | 6.5 |
| 2018-10-31 | CVE-2018-14659 | Resource Exhaustion vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. | 6.5 |
| 2018-10-31 | CVE-2018-14654 | Path Traversal vulnerability in multiple products The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. | 6.5 |
| 2018-10-08 | CVE-2018-1000805 | Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. | 6.5 |
| 2018-09-11 | CVE-2018-1114 | Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. | 4.0 |
| 2018-09-04 | CVE-2018-10930 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_rename_req in glusterfs server. | 4.0 |
| 2018-09-04 | CVE-2018-10929 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs2_create_req in glusterfs server. | 6.5 |
| 2018-09-04 | CVE-2018-10928 | Link Following vulnerability in multiple products A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. | 6.5 |