Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Virtualization Host
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3609 3 Linux, Netapp, Redhat 43 Linux Kernel, H300e, H300e Firmware and 40 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
CVE-2021-3560 4 Canonical, Debian, Polkit Project and 1 more 7 Ubuntu Linux, Debian Linux, Polkit and 4 more 2024-11-21 7.2 HIGH 7.8 HIGH
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 27 Fedora, Linux Kernel, Cloud Backup and 24 more 2024-11-21 3.6 LOW 7.1 HIGH
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-20316 3 Debian, Redhat, Samba 7 Debian Linux, Enterprise Linux, Enterprise Linux Aus and 4 more 2024-11-21 N/A 6.8 MEDIUM
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
CVE-2020-25717 5 Canonical, Debian, Fedoraproject and 2 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2024-11-21 8.5 HIGH 8.1 HIGH
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CVE-2020-10711 5 Canonical, Debian, Linux and 2 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
CVE-2019-3888 2 Netapp, Redhat 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
CVE-2019-3460 4 Canonical, Debian, Linux and 1 more 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more 2024-11-21 3.3 LOW 6.5 MEDIUM
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-1125 2 Microsoft, Redhat 15 Windows 10, Windows 7, Windows 8.1 and 12 more 2024-11-21 2.1 LOW 5.6 MEDIUM
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 44 Ubuntu Linux, Debian Linux, Fedora and 41 more 2024-11-21 7.2 HIGH 7.8 HIGH
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 38 Ubuntu Linux, Debian Linux, Fedora and 35 more 2024-11-21 7.2 HIGH 8.8 HIGH
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-11479 4 Canonical, F5, Linux and 1 more 21 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 18 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
CVE-2019-10161 2 Canonical, Redhat 5 Ubuntu Linux, Enterprise Linux, Libvirt and 2 more 2024-11-21 7.2 HIGH 7.8 HIGH
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVE-2018-8088 3 Oracle, Qos, Redhat 14 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 11 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
CVE-2018-7740 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
CVE-2018-6927 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2018-6485 4 Gnu, Netapp, Oracle and 1 more 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVE-2018-5968 4 Debian, Fasterxml, Netapp and 1 more 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVE-2018-5848 3 Debian, Google, Redhat 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.