Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
2018-07-27 CVE-2017-15113 Information Exposure Through Log Files vulnerability in multiple products
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking.
network
high complexity
ovirt redhat CWE-532
6.6
2018-07-27 CVE-2018-10862 Path Traversal vulnerability in Redhat products
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files.
local
low complexity
redhat CWE-22
5.5
2018-07-26 CVE-2017-7539 An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined.
network
low complexity
qemu redhat
7.5
2018-07-26 CVE-2016-8647 Unspecified vulnerability in Redhat Ansible Engine
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances.
network
low complexity
redhat
4.9
2018-07-19 CVE-2017-7481 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.
network
low complexity
redhat canonical debian
critical
9.8
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-06 CVE-2018-13405 Improper Privilege Management vulnerability in multiple products
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.
7.8
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8