Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Virtualization
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/qos-ch/slf4j • git://git.openssl.org/openssl.git • https://github.com/bcgit/bc-java • https://github.com/rpm-software-management/yum-utils |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-12-23 | CVE-2016-9907 | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | Debian_linux, Qemu, Openstack, Virtualization | 6.5 | ||
| 2016-12-23 | CVE-2016-9911 | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | Debian_linux, Qemu, Openstack, Virtualization | 6.5 | ||
| 2016-12-23 | CVE-2016-9921 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | Debian_linux, Qemu, Openstack, Virtualization | 6.5 | ||
| 2018-04-18 | CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. | Debian_linux, Leap, Enterprise_linux_server, Gluster_storage, Virtualization, Virtualization_host | 8.1 | ||
| 2018-07-02 | CVE-2018-10874 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | Ansible_engine, Openstack, Virtualization, Virtualization_host | 7.8 | ||
| 2018-07-26 | CVE-2017-7539 | An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. | Qemu, Openstack, Virtualization | 7.5 | ||
| 2018-08-01 | CVE-2018-10897 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and... | Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Yum\-Utils | 8.1 | ||
| 2018-10-31 | CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Gluster_storage, Virtualization, Virtualization_host | 6.5 | ||
| 2018-10-31 | CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | Debian_linux, Enterprise_linux_server, Gluster_file_system, Virtualization, Virtualization_host | 6.5 | ||
| 2018-10-31 | CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | Debian_linux, Glusterfs, Enterprise_linux_server, Virtualization, Virtualization_host | 6.5 |