Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Virtualization
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/qos-ch/slf4j • git://git.openssl.org/openssl.git • https://github.com/bcgit/bc-java • https://github.com/rpm-software-management/yum-utils |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-18 | CVE-2017-12196 | undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. | Jboss_enterprise_application_platform, Jboss_fuse, Undertow, Virtualization | 5.9 | ||
| 2018-08-22 | CVE-2018-10858 | A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Virtualization_host, Samba | 8.8 | ||
| 2019-01-11 | CVE-2018-16865 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. | Ubuntu_linux, Debian_linux, Systemd, Enterprise_communications_broker, Oracle_communications_session_border_controller, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 7.8 | ||
| 2019-01-11 | CVE-2018-16864 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. | Ubuntu_linux, Debian_linux, Systemd, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 7.8 | ||
| 2018-07-27 | CVE-2018-10862 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. | Jboss_enterprise_application_platform, Virtualization, Wildfly_core | 5.5 | ||
| 2018-02-23 | CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Libvirt, Virtualization | 7.8 |