Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2019-3804 Missing Initialization of Resource vulnerability in multiple products
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack.
network
low complexity
cockpit-project fedoraproject redhat CWE-909
7.5
2019-03-25 CVE-2019-3879 Missing Authorization vulnerability in multiple products
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped.
network
low complexity
ovirt redhat CWE-862
8.1
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-01-25 CVE-2018-16881 Integer Overflow or Wraparound vulnerability in multiple products
A denial of service vulnerability was found in rsyslog in the imptcp module.
network
low complexity
rsyslog redhat debian CWE-190
7.5
2018-11-01 CVE-2018-14660 A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.
network
low complexity
gluster redhat debian
6.5
2018-10-31 CVE-2018-14661 It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster debian redhat
6.5
2018-10-31 CVE-2018-14659 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr.
network
low complexity
redhat debian
6.5
2018-10-31 CVE-2018-14654 The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator.
network
low complexity
redhat debian
6.5
2018-10-09 CVE-2018-17963 Integer Overflow or Wraparound vulnerability in multiple products
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
qemu debian canonical redhat CWE-190
critical
9.8