Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Virtualization_host
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/qos-ch/slf4j |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-10 | CVE-2022-0516 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | Debian_linux, Fedora, Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Virtualization_host | 7.8 | ||
| 2018-05-18 | CVE-2018-11237 | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | Ubuntu_linux, Glibc, Data_ontap_edge, Element_software_management, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host | 7.8 | ||
| 2021-05-06 | CVE-2021-3501 | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Enterprise_linux, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Virtualization, Virtualization_host | 7.1 | ||
| 2018-09-04 | CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 8.8 | ||
| 2018-09-04 | CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | Debian_linux, Glusterfs, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host | 7.5 | ||
| 2018-09-04 | CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 6.5 | ||
| 2018-09-04 | CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 6.5 | ||
| 2018-09-04 | CVE-2018-10923 | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 8.1 | ||
| 2018-09-04 | CVE-2018-10926 | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | Debian_linux, Glusterfs, Leap, Enterprise_linux, Enterprise_linux_server, Virtualization_host | 8.8 | ||
| 2018-09-04 | CVE-2018-10927 | A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 8.1 |