Lucene search
K
RedhatVirtualization Host

84 matches found

CVE
CVE
added 2024/02/07 9:5 p.m.284 views

CVE-2023-6536

CVE-2023-6536 is a Linux kernel NVMe over TCP issue. The connected documents confirm a NULL pointer dereference in the NVMe target (nvmet_tcp_build_iovec and related paths) that could cause a kernel panic and denial of service. Affected software is the Linux kernel’s NVMe over TCP stack (nvmet_tc...

7.5CVSS6.9AI score0.01537EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.280 views

CVE-2018-5848

CVE-2018-5848 concerns the Linux kernel function wmi_set_ie(), where unsigned integer overflow in length validation can lead to a buffer overflow when processing the ie_len argument. The description across connected Nessus entries ties this to memory corruption and potential system crash, affecti...

7.8CVSS6.3AI score0.00366EPSS
CVE
CVE
added 2018/07/13 10:0 p.m.274 views

CVE-2018-10875

CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...

7.8CVSS7.7AI score0.00587EPSS
CVE
CVE
added 2018/09/04 4:0 p.m.273 views

CVE-2018-10929

CVE-2018-10929 affects GlusterFS (server side), where an authenticated attacker could exploit improper validation in the RPC path (gfs2_create_req) to create arbitrary files and potentially execute arbitrary code on storage server nodes. Connected advisories reference multiple vendors (Debian, Re...

8.8CVSS8.6AI score0.03336EPSS
CVE
CVE
added 2024/02/07 9:4 p.m.272 views

CVE-2023-6356

CVE-2023-6356 is a Linux kernel vulnerability in the NVMe driver affecting NVMe over TCP. The connected Nessus entries enumerate the issue as a NULL pointer dereference in the NVMe target path (nvmet_tcp_build_iovec/nvmet_tcp_execute_request/__nvmet_req_complete), which can lead to kernel panic a...

7.5CVSS7AI score0.01448EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.268 views

CVE-2018-10928

GlusterFS vulnerability CVE-2018-10928: an authenticated remote attacker could exploit improper validation of RPC requests via gfs3_symlink_req to create arbitrary symlinks outside the volume and potentially execute code on the server. Public advisories document multiple remediation streams acros...

8.8CVSS8.6AI score0.02699EPSS
CVE
CVE
added 2018/01/26 7:0 p.m.267 views

CVE-2018-5750

Technical details beyond the initial description are not present in the connected documents. The CVE-2018-5750 issue in the Linux kernel (via acpi_smbus_hc_add and SBS HC printk) is described in the Initial document as a local information disclosure; no additional public exploit/vendor-specific d...

5.5CVSS5.5AI score0.0049EPSS
CVE
CVE
added 2018/05/10 10:0 p.m.265 views

CVE-2018-1118

CVE-2018-1118 affects the Linux kernel vhost path used by /dev/vhost-net. The issue is improper memory initialization in vhost/vhost.c:vhost_new_msg(), enabling a local unprivileged user to read kernel memory contents. The vulnerability arises from memory not being initialized before being passed...

5.5CVSS5.6AI score0.00403EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.262 views

CVE-2018-10927

CVE-2018-10927 affects GlusterFS where an authenticated attacker could abuse RPC gfs3_lookup_req to leak information and cause remote denial of service by crashing the gluster brick process. Exploitation details in connected IBM PowerKVM advisory tied to PowerKVM 3.1; fixed in PowerKVM 3.1.0.2 up...

8.1CVSS7.9AI score0.02771EPSS
CVE
CVE
added 2022/03/03 6:23 p.m.259 views

CVE-2021-3620

CVE-2021-3620 is a disclosure vulnerability in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is exposed in traceback messages. The issue is documented across multiple sources (IBM Spectrum Fusion HCI bulletin, Debian LTS advisory, and ...

5.5CVSS5.3AI score0.00384EPSS
CVE
CVE
added 2021/05/05 10:31 p.m.258 views

CVE-2021-3501

CVE-2021-3501 affects Linux kernels prior to 5.12. The vulnerability arises from the KVM API: the internal.ndata value is mapped to an array index and can be updated by a user process at any time, enabling an out-of-bounds write. Documented impact is data integrity and system availability. A patc...

7.1CVSS6.3AI score0.00374EPSS
CVE
CVE
added 2018/05/18 4:0 p.m.254 views

CVE-2018-11236

Summary (CVE-2018-11236) : In glibc, the realpath path processing path can trigger an integer overflow in 32-bit builds within stdlib/canonicalize.c when handling very long pathname arguments, producing a stack-based buffer overflow and potentially arbitrary code execution. The vulnerability affe...

9.8CVSS8.8AI score0.074EPSS
CVE
CVE
added 2022/08/22 2:49 p.m.249 views

CVE-2021-3659

CVE-2021-3659 is a local NULL pointer dereference in the Linux kernel’s IEEE 802.15.4 LR-WPAN subsystem. The specific code path cited in connected sources is a NULL pointer dereference in llsec_key_alloc() within net/mac802154/llsec.c, which can be triggered during LR-WPAN connection closure and ...

5.5CVSS5.8AI score0.00264EPSS
CVE
CVE
added 2018/04/18 4:0 p.m.247 views

CVE-2018-1088

CVE-2018-1088 affects GlusterFS 3.x via the snapshot scheduler: an unauthenticated client could exploit the scheduler to mount shared storage and escalate privileges by scheduling a malicious cronjob via a symlink. The issue is tied to a regression/regression-related chain (CVE-2018-1112) in patc...

8.1CVSS8AI score0.05374EPSS
CVE
CVE
added 2018/09/04 1:0 p.m.244 views

CVE-2018-10907

CVE-2018-10907 is a vulnerability in GlusterFS where the server-rpc-fopc.c code path allocates fixed-size buffers with alloca(3). An authenticated attacker mounting a Gluster volume could send a string longer than the fixed buffer, causing a stack-based overflow that may crash the glusterfs serve...

8.8CVSS8.5AI score0.03364EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.243 views

CVE-2018-10913

CVE-2018-10913 affects GlusterFS server. The vulnerability allows an attacker to issue a xattr request via GlusterFS FUSE to determine the existence of files, causing an information disclosure. The connected Nessus/EulerOS Debian advisories list CVE-2018-10913 among multiple GlusterFS issues and ...

6.5CVSS6.7AI score0.02093EPSS
CVE
CVE
added 2018/09/04 1:0 p.m.242 views

CVE-2018-10904

CVE-2018-10904 affects GlusterFS servers. The vulnerability arises from improper sanitization of file paths in the trusted.io-stats-dump extended attribute used by the debug/io-stats translator. An attacker with sufficient access to modify extended attributes on a Gluster volume can create files ...

8.8CVSS8.6AI score0.03024EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.242 views

CVE-2018-10911

CVE-2018-10911 affects glusterfs; the dict_unserialize function mishandles negative key length values, allowing a remote attacker to read memory from other locations into the stored dict value. The IBM PowerKVM advisory (and related Red Hat/CentOS/Debian advisories) document remote-authenticated/...

7.5CVSS7.1AI score0.03071EPSS
CVE
CVE
added 2018/03/20 12:0 a.m.241 views

CVE-2018-8088

CVE-2018-8088 details (normal mode) : The issue affects SLF4J’s slf4j-ext EventData in QOS.CH SLF4J before 1.8.0-beta2, where crafted data can bypass access restrictions. The fix is in SLF4J 1.7.26+ and in the 2.0.x series. Connected advisories corroborate the vulnerability description across Lin...

9.8CVSS9.3AI score0.15087EPSS
CVE
CVE
added 2018/08/17 12:0 p.m.240 views

CVE-2018-10873

CVE-2018-10873 affects SPICE before 0.14.1: a missing bounds check in demarshal.py:write_validate_array_item can be exploited by an authenticated remote peer to crash the SPICE client/server. Public advisories (Debian, IBM, Mageia/CentOS) describe denial of service and potential code execution im...

8.8CVSS8AI score0.03934EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.238 views

CVE-2018-10914

CVE-2018-10914 is a GlusterFS vulnerability where an attacker can issue a xattr request via glusterfs FUSE to crash the gluster brick process, and if multiplexing is enabled, cause crashes across multiple bricks and volumes, enabling a remote denial of service. The issue is documented across mult...

6.5CVSS7AI score0.02447EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.233 views

CVE-2018-10923

CVE-2018-10923 affects GlusterFS server. The description in the connected documents shows that the vulnerability arises from the mknod(2) pathway, allowing an authenticated attacker to create device files on a GlusterFS server node and read data from any device attached to the server. This indica...

8.1CVSS8AI score0.01672EPSS
CVE
CVE
added 2018/01/22 4:0 a.m.220 views

CVE-2018-5968

CVE-2018-5968 concerns FasterXML jackson-databind deserialization. The entry notes unauthenticated remote code execution via two gadgets that bypass a blacklist, stemming from an incomplete fix for CVE-2017-7525 and CVE-2017-17485. Connected sources specify affected jackson-databind versions and ...

8.1CVSS9.6AI score0.06962EPSS
CVE
CVE
added 2018/01/10 3:0 p.m.203 views

CVE-2017-7536

CVE-2017-7536 affects Hibernate Validator 5.2.x (before 5.2.5), 5.3.x, and 5.4.x. If the security manager’s reflective permissions are granted to Hibernate Validator, a privilege escalation can occur by allowing access to private members, enabling reading private member values via ConstraintViola...

7CVSS7.3AI score0.00482EPSS
CVE
CVE
added 2024/04/18 7:6 p.m.202 views

CVE-2023-3758

CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...

7.1CVSS5.9AI score0.01033EPSS
CVE
CVE
added 2018/10/31 7:0 p.m.193 views

CVE-2018-14659

The CVE-2018-14659 vulnerability affects GlusterFS up to versions 4.1.4 and 3.1.2. An authenticated, remote attacker could mount a Gluster volume and repeatedly call setxattr via GF_XATTR_IOSTATS_DUMP_KEY to trigger a state dump and create an arbitrary number of files in the server runtime direct...

6.5CVSS7AI score0.02172EPSS
CVE
CVE
added 2018/10/31 7:0 p.m.192 views

CVE-2018-14654

CVE-2018-14654 affects GlusterFS (up to 4.1.x) via the GF_XATTROP_ENTRY_IN_KEY path in the translator used during mounting, allowing a remote attacker with access to mounted volumes to create arbitrary, empty files on the server. Exploitation details are not provided in the given documents. Remed...

8.5CVSS7.1AI score0.0263EPSS
Web
CVE
CVE
added 2018/05/18 4:0 p.m.191 views

CVE-2018-11237

CVE-2018-11237: A buffer overflow in the AVX-512-optimized mempcpy implementation (__mempcpy_avx512_no_vzeroupper) of glibc (2.27 and earlier). The overflow occurs when copying data beyond the target buffer, as demonstrated by vulnerable mempcpy paths described in public advisories and exploits. ...

7.8CVSS7.7AI score0.00858EPSS
CVE
CVE
added 2018/07/02 1:0 p.m.181 views

CVE-2018-10874

CVE-2018-10874 affects Ansible. The issue arises when inventory variables are loaded from the current working directory during ad-hoc commands, which attackers can control, enabling arbitrary code execution (local attacker could compromise the target via manipulated inventory vars). The NVD entry...

7.8CVSS7.8AI score0.00485EPSS
CVE
CVE
added 2018/11/01 2:0 p.m.177 views

CVE-2018-14660

CVE-2018-14660 : A flaw in GlusterFS server (versions up to 4.1.4 and 3.1.2) lets a remote, authenticated attacker repeatedly call setxattr on GF_META_LOCK_KEY to create multiple locks for a single inode, leading to memory exhaustion on the GlusterFS server node. Connected documents confirm Glust...

6.5CVSS7AI score0.02515EPSS
CVE
CVE
added 2018/10/31 8:0 p.m.158 views

CVE-2018-14661

Technical details for CVE-2018-14661 are not provided in the connected documents. Public information in the initial entry confirms a format-string vulnerability in GlusterFS, but no affected versions, exploit details, or fixes are included here. Monitor for updates.

6.5CVSS6.9AI score0.02655EPSS
CVE
CVE
added 2018/09/11 3:0 p.m.153 views

CVE-2018-1114

CVE-2018-1114 corresponds to an Undertow issue where URLResource.getLastModified() closes file descriptors only when finalized, enabling a file descriptor leak and potential exhaustion. The vulnerability is evidenced in multiple sources (GHSA- GJJX-GQM4-WCGM, Red Hat advisories) describing an unc...

6.5CVSS6.2AI score0.02329EPSS
CVE
CVE
added 2022/08/26 5:25 p.m.102 views

CVE-2022-0207

Summary: CVE-2022-0207 affects the vdsm component used in oVirt/Red Hat Virtualization. A race condition in the functionality that obfuscates sensitive values in logs may cause sensitive data to be stored in clear text. Impact (as stated): exposure of sensitive values via log files. Affected soft...

4.7CVSS4.5AI score0.00186EPSS
CVE
CVE
added 2018/06/19 12:0 p.m.80 views

CVE-2018-1073

CVE-2018-1073 affects the oVirt-engine web console login form, where versions before 4.2.3 reveal different errors for non-existent users vs. invalid passwords, enabling attacker user enumeration. The issue is documented in Red Hat RHSA-2018:1525 and related advisories, with remediation via the a...

5.3CVSS5.5AI score0.01908EPSS
Total number of security vulnerabilities84