|
2019-01-25
|
CVE-2018-16881
|
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
|
Debian_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Virtualization_host, Virtualization_manager, Rsyslog
|
7.5
|
|
|
|
2021-05-06
|
CVE-2021-3501
|
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
|
Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Enterprise_linux, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Virtualization, Virtualization_host
|
7.1
|
|
|
|
2018-03-13
|
CVE-2018-7750
|
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
|
Debian_linux, Paramiko, Ansible_engine, Cloudforms, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization
|
9.8
|
|
|
|
2019-06-12
|
CVE-2019-3888
|
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
|
Active_iq_unified_manager, Jboss_data_grid, Openshift_application_runtimes, Undertow, Virtualization, Virtualization_host
|
9.8
|
|
|
|
2018-09-04
|
CVE-2018-10930
|
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
|
Debian_linux, Glusterfs, Leap, Enterprise_linux, Enterprise_linux_server, Virtualization, Virtualization_host
|
6.5
|
|
|
|
2018-05-22
|
CVE-2018-3639
|
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
|
Cortex\-A, Ubuntu_linux, Debian_linux, Atom_c, Atom_e, Atom_x5\-E3930, Atom_x5\-E3940, Atom_x7\-E3950, Atom_z, Celeron_j, Celeron_n, Core_i3, Core_i5, Core_i7, Core_m, Pentium, Pentium_j, Pentium_silver, Xeon_e3, Xeon_e3_1105c_v2, Xeon_e3_1125c_v2, Xeon_e3_12201, Xeon_e3_12201_v2, Xeon_e3_1220_v2, Xeon_e3_1220_v3, Xeon_e3_1220_v5, Xeon_e3_1220_v6, Xeon_e3_1220l_v3, Xeon_e3_1225, Xeon_e3_1225_v2, Xeon_e3_1225_v3, Xeon_e3_1225_v5, Xeon_e3_1225_v6, Xeon_e3_1226_v3, Xeon_e3_1230, Xeon_e3_1230_v2, Xeon_e3_1230_v3, Xeon_e3_1230_v5, Xeon_e3_1230_v6, Xeon_e3_1230l_v3, Xeon_e3_1231_v3, Xeon_e3_1235, Xeon_e3_1235l_v5, Xeon_e3_1240, Xeon_e3_1240_v2, Xeon_e3_1240_v3, Xeon_e3_1240_v5, Xeon_e3_1240_v6, Xeon_e3_1240l_v3, Xeon_e3_1240l_v5, Xeon_e3_1241_v3, Xeon_e3_1245, Xeon_e3_1245_v2, Xeon_e3_1245_v3, Xeon_e3_1245_v5, Xeon_e3_1245_v6, Xeon_e3_1246_v3, Xeon_e3_1258l_v4, Xeon_e3_1260l, Xeon_e3_1260l_v5, Xeon_e3_1265l_v2, Xeon_e3_1265l_v3, Xeon_e3_1265l_v4, Xeon_e3_1268l_v3, Xeon_e3_1268l_v5, Xeon_e3_1270, Xeon_e3_1270_v2, Xeon_e3_1270_v3, Xeon_e3_1270_v5, Xeon_e3_1270_v6, Xeon_e3_1271_v3, Xeon_e3_1275_v2, Xeon_e3_1275_v3, Xeon_e3_1275_v5, Xeon_e3_1275_v6, Xeon_e3_1275l_v3, Xeon_e3_1276_v3, Xeon_e3_1278l_v4, Xeon_e3_1280, Xeon_e3_1280_v2, Xeon_e3_1280_v3, Xeon_e3_1280_v5, Xeon_e3_1280_v6, Xeon_e3_1281_v3, Xeon_e3_1285_v3, Xeon_e3_1285_v4, Xeon_e3_1285_v6, Xeon_e3_1285l_v3, Xeon_e3_1285l_v4, Xeon_e3_1286_v3, Xeon_e3_1286l_v3, Xeon_e3_1290, Xeon_e3_1290_v2, Xeon_e3_1501l_v6, Xeon_e3_1501m_v6, Xeon_e3_1505l_v5, Xeon_e3_1505l_v6, Xeon_e3_1505m_v5, Xeon_e5, Xeon_e5_1428l, Xeon_e5_1428l_v2, Xeon_e5_1428l_v3, Xeon_e5_1620, Xeon_e5_1620_v2, Xeon_e5_1620_v3, Xeon_e5_1620_v4, Xeon_e5_1630_v3, Xeon_e5_1630_v4, Xeon_e5_1650, Xeon_e5_1650_v2, Xeon_e5_1650_v3, Xeon_e5_1650_v4, Xeon_e5_1660, Xeon_e5_1660_v2, Xeon_e5_1660_v3, Xeon_e5_1660_v4, Xeon_e5_1680_v3, Xeon_e5_1680_v4, Xeon_e5_2403, Xeon_e5_2403_v2, Xeon_e5_2407, Xeon_e5_2407_v2, Xeon_e5_2408l_v3, Xeon_e5_2418l, Xeon_e5_2418l_v2, Xeon_e5_2418l_v3, Xeon_e5_2420, Xeon_e5_2420_v2, Xeon_e5_2428l, Xeon_e5_2428l_v2, Xeon_e5_2428l_v3, Xeon_e5_2430, Xeon_e5_2430_v2, Xeon_e5_2430l, Xeon_e5_2430l_v2, Xeon_e5_2438l_v3, Xeon_e5_2440, Xeon_e5_2440_v2, Xeon_e5_2448l, Xeon_e5_2448l_v2, Xeon_e5_2450, Xeon_e5_2450_v2, Xeon_e5_2450l, Xeon_e5_2450l_v2, Xeon_e5_2470, Xeon_e5_2470_v2, Xeon_e5_2603, Xeon_e5_2603_v2, Xeon_e5_2603_v3, Xeon_e5_2603_v4, Xeon_e5_2608l_v3, Xeon_e5_2608l_v4, Xeon_e5_2609, Xeon_e5_2609_v2, Xeon_e5_2609_v3, Xeon_e5_2609_v4, Xeon_e5_2618l_v2, Xeon_e5_2618l_v3, Xeon_e5_2618l_v4, Xeon_e5_2620, Xeon_e5_2620_v2, Xeon_e5_2620_v3, Xeon_e5_2620_v4, Xeon_e5_2623_v3, Xeon_e5_2623_v4, Xeon_e5_2628l_v2, Xeon_e5_2628l_v3, Xeon_e5_2628l_v4, Xeon_e5_2630, Xeon_e5_2630_v2, Xeon_e5_2630_v3, Xeon_e5_2630_v4, Xeon_e5_2630l, Xeon_e5_2630l_v2, Xeon_e5_2630l_v3, Xeon_e5_2630l_v4, Xeon_e5_2637, Xeon_e5_2637_v2, Xeon_e5_2637_v3, Xeon_e5_2637_v4, Xeon_e5_2640, Xeon_e5_2640_v2, Xeon_e5_2640_v3, Xeon_e5_2640_v4, Xeon_e5_2643, Xeon_e5_2643_v2, Xeon_e5_2643_v3, Xeon_e5_2643_v4, Xeon_e5_2648l, Xeon_e5_2648l_v2, Xeon_e5_2648l_v3, Xeon_e5_2648l_v4, Xeon_e5_2650, Xeon_e5_2650_v2, Xeon_e5_2650_v3, Xeon_e5_2650_v4, Xeon_e5_2650l, Xeon_e5_2650l_v2, Xeon_e5_2650l_v3, Xeon_e7, Xeon_e\-1105c, Xeon_gold, Xeon_platinum, Xeon_silver, Surface, Surface_book, Surface_pro, Surface_pro_with_lte_advanced, Surface_studio, Windows_10, Windows_7, Windows_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Micloud_management_portal, Micollab, Mivoic_mx\-One, Mivoice_5000, Mivoice_border_gateway, Mivoice_business, Mivoice_connect, Open_integration_gateway, Jetson_tx1, Jetson_tx2, Local_service_management_system, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Openstack, Virtualization, Virtualization_manager, Struxureware_data_center_expert, Itc1500_firmware, Itc1500_pro_firmware, Itc1900_firmware, Itc1900_pro_firmware, Itc2200_firmware, Itc2200_pro_firmware, Ruggedcom_ape_firmware, Simatic_et_200_sp_firmware, Simatic_field_pg_m4_firmware, Simatic_field_pg_m5_firmware, Simatic_ipc3000_smart_firmware, Simatic_ipc347e_firmware, Simatic_ipc427c_firmware, Simatic_ipc427d_firmware, Simatic_ipc427e_firmware, Simatic_ipc477c_firmware, Simatic_ipc477d_firmware, Simatic_ipc477e_firmware, Simatic_ipc477e_pro_firmware, Simatic_ipc547e_firmware, Simatic_ipc547g_firmware, Simatic_ipc627c_firmware, Simatic_ipc627d_firmware, Simatic_ipc647c_firmware, Simatic_ipc647d_firmware, Simatic_ipc677c_firmware, Simatic_ipc677d_firmware, Simatic_ipc827c_firmware, Simatic_ipc827d_firmware, Simatic_ipc847c_firmware, Simatic_ipc847d_firmware, Simatic_itp1000_firmware, Simatic_s7\-1500_firmware, Simotion_p320\-4e_firmware, Sinema_remote_connect_firmware, Sinumerik_840_d_sl_firmware, Sinumerik_pcu_50\.5_firmware, Sinumerik_tcu_30\.3_firmware, Cloud_global_management_system, Email_security, Global_management_system, Secure_mobile_access, Sonicosv, Web_application_firewall
|
5.5
|
|
|
|
2016-05-11
|
CVE-2016-3710
|
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
|
Ubuntu_linux, Xenserver, Debian_linux, Helion_openstack, Linux, Vm_server, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization
|
8.8
|
|
|
|
2016-08-02
|
CVE-2016-5403
|
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
|
Ubuntu_linux, Debian_linux, Linux, Vm_server, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization
|
5.5
|
|
|
|
2017-05-23
|
CVE-2017-9214
|
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
|
Debian_linux, Openvswitch, Openstack, Virtualization, Virtualization_manager
|
9.8
|
|
|
|
2017-08-02
|
CVE-2017-10664
|
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
|
Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization
|
7.5
|
|
|