Vulnerabilities > Redhat > Virtualization > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2015-5160 Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
local
low complexity
libvirt redhat CWE-200
5.5
2018-08-09 CVE-2018-10908 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources.
local
low complexity
ovirt redhat CWE-770
6.3
2018-07-27 CVE-2017-15113 Information Exposure Through Log Files vulnerability in multiple products
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking.
network
high complexity
ovirt redhat CWE-532
6.6
2018-07-27 CVE-2018-10862 Path Traversal vulnerability in Redhat products
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files.
local
low complexity
redhat CWE-22
5.5
2018-07-26 CVE-2016-8647 Unspecified vulnerability in Redhat Ansible Engine
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances.
network
low complexity
redhat
4.9
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-06-19 CVE-2018-1073 Information Exposure vulnerability in multiple products
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
network
low complexity
ovirt redhat CWE-200
5.3
2018-05-22 CVE-2018-3639 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
5.5
2018-04-26 CVE-2018-10237 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
network
high complexity
google redhat oracle CWE-770
5.9
2018-04-24 CVE-2018-1059 Information Exposure vulnerability in multiple products
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations.
high complexity
canonical redhat dpdk CWE-200
6.1