Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
7.5
2018-09-11 CVE-2018-1114 Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust.
network
low complexity
redhat CWE-400
6.5
2018-09-04 CVE-2018-10930 A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
gluster redhat debian opensuse
6.5
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
2018-08-20 CVE-2015-5160 Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
local
low complexity
libvirt redhat CWE-200
5.5
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
8.8
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
2018-08-09 CVE-2018-10908 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources.
local
low complexity
ovirt redhat CWE-770
6.3
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-08-01 CVE-2018-10897 A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files.
network
high complexity
rpm redhat
8.1