Product:

Virtualization

(Redhat)
Date Id Summary Products Score Patch Annotated
2023-10-06 CVE-2023-5366 A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Openvswitch, Enterprise_linux, Fast_datapath, Openshift_container_platform, Virtualization 5.5
2021-12-23 CVE-2021-3621 A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Fedora, Sssd, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Virtualization, Virtualization_host 8.8
2023-10-03 CVE-2023-4911 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Fedora, Glibc, Codeready_linux_builder_eus, Codeready_linux_builder_for_arm64_eus, Codeready_linux_builder_for_ibm_z_systems_eus, Codeready_linux_builder_for_power_little_endian_eus, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Virtualization, Virtualization_host 7.8
2010-01-27 CVE-2009-4272 A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization 7.5
2015-01-28 CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Mac_os_x, Debian_linux, Glibc, Pureapplication_system, Security_access_manager_for_enterprise_single_sign\-On, Communications_application_session_controller, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_policy_management, Communications_session_border_controller, Communications_user_data_repository, Communications_webrtc_session_controller, Exalogic_infrastructure, Linux, Vm_virtualbox, Php, Virtualization N/A
2018-07-26 CVE-2016-8647 An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. Ansible_engine, Virtualization 4.9
2009-11-16 CVE-2009-3939 The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. Aura_application_enablement_services, Aura_communication_manager, Aura_session_manager, Aura_sip_enablement_services, Aura_system_manager, Aura_system_platform, Voice_portal, Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server 7.1
2022-03-03 CVE-2021-3620 A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Ansible_automation_platform_early_access, Ansible_engine, Enterprise_linux, Enterprise_linux_for_power_little_endian, Openstack, Virtualization, Virtualization_for_ibm_power_little_endian, Virtualization_host, Virtualization_manager 5.5
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. Goldengate_application_adapters, Goldengate_stream_analytics, Utilities_framework, Slf4j, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform, Virtualization, Virtualization_host 9.8
2021-08-31 CVE-2021-3634 A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also... Debian_linux, Fedora, Libssh, Cloud_backup, Mysql_workbench, Enterprise_linux, Virtualization 6.5