Virtualization Host Security Vulnerabilities and Issues — Virtualization Host CVE List

Lucene search

RedhatVirtualization Host

10 matches found

CVE•added 2018/05/21 5:29 p.m.•518 views

CVE-2018-1067

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is...

6.1CVSS6.6AI score0.00622EPSS

CVE•added 2022/08/23 4:15 p.m.•317 views

CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

6.8CVSS6.3AI score0.00471EPSS

CVE•added 2019/04/11 4:29 p.m.•281 views

CVE-2019-3460

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.5CVSS7AI score0.00199EPSS

CVE•added 2018/09/04 4:29 p.m.•267 views

CVE-2018-10930

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

6.5CVSS7AI score0.00776EPSS

CVE•added 2018/09/04 2:29 p.m.•219 views

CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

6.5CVSS6.7AI score0.01046EPSS

CVE•added 2018/09/04 2:29 p.m.•212 views

CVE-2018-10914

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

6.5CVSS7AI score0.05977EPSS

CVE•added 2018/10/31 7:29 p.m.•174 views

CVE-2018-14659

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and cr...

6.5CVSS7AI score0.02738EPSS

CVE•added 2018/11/01 2:29 p.m.•156 views

CVE-2018-14660

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs ser...

6.5CVSS7AI score0.01752EPSS

CVE•added 2018/10/31 8:29 p.m.•138 views

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

6.5CVSS6.9AI score0.03273EPSS

CVE•added 2018/09/11 3:29 p.m.•122 views

CVE-2018-1114

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

6.5CVSS6.2AI score0.00711EPSS