Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Virtualization_host
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/qos-ch/slf4j |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-18 | CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. | Debian_linux, Leap, Enterprise_linux_server, Gluster_storage, Virtualization, Virtualization_host | 8.1 | ||
| 2018-05-10 | CVE-2018-1118 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host | 5.5 | ||
| 2018-07-02 | CVE-2018-10874 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | Ansible_engine, Openstack, Virtualization, Virtualization_host | 7.8 | ||
| 2018-10-31 | CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Gluster_storage, Virtualization, Virtualization_host | 6.5 | ||
| 2018-10-31 | CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | Debian_linux, Enterprise_linux_server, Gluster_file_system, Virtualization, Virtualization_host | 6.5 | ||
| 2018-10-31 | CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | Debian_linux, Glusterfs, Enterprise_linux_server, Virtualization, Virtualization_host | 6.5 | ||
| 2018-11-01 | CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | Debian_linux, Glusterfs, Enterprise_linux_server, Virtualization, Virtualization_host | 6.5 | ||
| 2022-03-04 | CVE-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | Debian_linux, Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Build_of_quarkus, Codeready_linux_builder, Codeready_linux_builder_eus, Codeready_linux_builder_for_power_little_endian, Codeready_linux_builder_for_power_little_endian_eus, Developer_tools, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_server_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Virtualization_host | 5.5 | ||
| 2022-08-26 | CVE-2022-0207 | A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. | Vdsm, Virtualization, Virtualization_for_ibm_power_little_endian, Virtualization_host | 4.7 | ||
| 2022-03-04 | CVE-2021-3656 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a... | Fedora, Linux_kernel, 3scale_api_management, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Openstack, Software_collections, Virtualization_host | 8.8 |