Product:

Virtualization

(Redhat)
Date Id Summary Products Score Patch Annotated
2018-02-06 CVE-2017-7525 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Struts, Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Communications_billing_and_revenue_management, Communications_communications_policy_management, Communications_diameter_signaling_route, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Virtualization, Virtualization_host 9.8
2020-12-21 CVE-2020-35497 A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Ovirt\-Engine, Virtualization 6.5
2016-12-23 CVE-2016-9921 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Debian_linux, Qemu, Openstack, Virtualization 6.5
2016-12-23 CVE-2016-9911 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Debian_linux, Qemu, Openstack, Virtualization 6.5
2016-12-23 CVE-2016-9907 Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Debian_linux, Qemu, Openstack, Virtualization 6.5
2019-06-12 CVE-2019-3888 A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) Undertow, Virtualization, Virtualization_host 9.8
2020-01-02 CVE-2019-14859 A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Python\-Ecdsa, Ceph_storage, Openstack, Virtualization 9.1
2018-06-19 CVE-2018-1073 The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. Ovirt\-Engine, Virtualization, Virtualization_host 5.3
2017-03-27 CVE-2017-5973 The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. Debian_linux, Qemu, Openstack, Virtualization 5.5
2014-06-05 CVE-2014-3469 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Debian_linux, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A