Vulnerabilities > Redhat > Virtualization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-3804 | Missing Initialization of Resource vulnerability in multiple products It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. | 7.5 |
| 2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 5.5 |
| 2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | 9.8 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
| 2018-11-01 | CVE-2018-14660 | Resource Exhaustion vulnerability in multiple products A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. | 6.5 |
| 2018-10-31 | CVE-2018-14661 | Improper Input Validation vulnerability in multiple products It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. | 6.5 |
| 2018-10-31 | CVE-2018-14659 | Resource Exhaustion vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. | 6.5 |
| 2018-10-31 | CVE-2018-14654 | Path Traversal vulnerability in multiple products The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. | 6.5 |
| 2018-10-09 | CVE-2018-17963 | Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |