Vulnerabilities > Redhat > Virtualization > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 7.8 |
2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |
2019-03-26 | CVE-2019-3804 | Missing Initialization of Resource vulnerability in multiple products It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. | 7.5 |
2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 8.1 |
2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
2018-10-09 | CVE-2018-17958 | Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | 7.5 |
2018-08-22 | CVE-2018-10858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. | 8.8 |
2018-08-17 | CVE-2018-10873 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. | 8.8 |
2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 7.5 |
2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |