Product:

Virtualization

(Redhat)
Date Id Summary Products Score Patch Annotated
2018-10-09 CVE-2018-17958 Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Ubuntu_linux, Debian_linux, Qemu, Virtualization, Virtualization_manager N/A
2018-01-12 CVE-2018-5344 In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. Ubuntu_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization 7.8
2013-10-04 CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Ubuntu_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization N/A
2018-01-23 CVE-2018-5683 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization N/A
2020-03-19 CVE-2019-19336 A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. Ovirt\-Engine, Virtualization N/A
2019-11-22 CVE-2015-1780 oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center Ovirt\-Engine, Virtualization N/A
2018-09-11 CVE-2018-1114 It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. Undertow, Virtualization, Virtualization_host 6.5
2018-08-09 CVE-2018-10908 It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host. Vdsm, Virtualization 6.3
2018-08-17 CVE-2018-10873 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Virtualization_host, Spice 8.8
2018-04-18 CVE-2017-12196 undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Jboss_enterprise_application_platform, Jboss_fuse, Undertow, Virtualization 5.9