Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Virtualization Host
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5803 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
CVE-2018-5750 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-1120 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-11-21 3.5 LOW 2.8 LOW
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVE-2018-1118 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-11-21 2.1 LOW 2.3 LOW
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
CVE-2018-1114 1 Redhat 3 Undertow, Virtualization, Virtualization Host 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-1088 3 Debian, Opensuse, Redhat 6 Debian Linux, Leap, Enterprise Linux Server and 3 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVE-2018-1073 2 Ovirt, Redhat 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-1068 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-1067 1 Redhat 4 Enterprise Linux, Jboss Enterprise Application Platform, Undertow and 1 more 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
CVE-2018-18559 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
CVE-2018-18397 3 Canonical, Linux, Redhat 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
CVE-2018-16881 3 Debian, Redhat, Rsyslog 13 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 10 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-14661 3 Debian, Gluster, Redhat 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
CVE-2018-14660 3 Debian, Gluster, Redhat 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVE-2018-14659 2 Debian, Redhat 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
CVE-2018-14654 2 Debian, Redhat 6 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 3 more 2024-11-21 8.5 HIGH 6.5 MEDIUM
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
CVE-2018-11237 5 Canonical, Gnu, Netapp and 2 more 10 Ubuntu Linux, Glibc, Data Ontap Edge and 7 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-11236 4 Gnu, Netapp, Oracle and 1 more 9 Glibc, Data Ontap Edge, Element Software Management and 6 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVE-2018-10930 4 Debian, Gluster, Opensuse and 1 more 7 Debian Linux, Glusterfs, Leap and 4 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10929 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.