Product:

Virtualization

(Redhat)
Date ID Summary Products Score Patch Annotated
2018-01-12 CVE-2018-5344 In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. Ubuntu_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization 7.8
2018-09-25 CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may... Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_dekstop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization N/A
2020-08-18 CVE-2020-14333 A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. Virtualization N/A
2020-03-17 CVE-2020-1720 A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. Postgresql, Decision_manager, Enterprise_linux, Software_collections, Virtualization N/A
2018-08-09 CVE-2018-10915 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql... Ubuntu_linux, Debian_linux, Postgresql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openstack, Virtualization 7.5
2014-12-12 CVE-2014-7840 The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Virtualization N/A
2014-11-14 CVE-2014-7815 The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server N/A
2014-11-01 CVE-2014-3615 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization N/A
2013-10-04 CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Ubuntu_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization N/A
2013-02-13 CVE-2012-6075 Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Ubuntu_linux, Debian_linux, Fedora, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_server N/A