Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatVirtualization

17 matches found

CVE
CVEadded 2019/02/27 11:29 p.m.781 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVEadded 2018/05/22 12:29 p.m.727 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS
CVE
CVEadded 2018/04/26 9:29 p.m.519 views

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) ...

5.9CVSS5.9AI score0.03259EPSS
CVE
CVEadded 2018/04/18 1:29 a.m.442 views

CVE-2017-12196

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the des...

5.9CVSS5.6AI score0.00401EPSS
CVE
CVEadded 2018/07/03 1:29 a.m.248 views

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS5.7AI score0.02523EPSS
CVE
CVEadded 2021/01/12 3:15 p.m.232 views

CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

5.9CVSS5.6AI score0.00544EPSS
CVE
CVEadded 2022/03/03 7:15 p.m.202 views

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

5.5CVSS5.3AI score0.00228EPSS
CVE
CVEadded 2022/06/30 1:15 p.m.190 views

CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

5.5CVSS6.2AI score0.00401EPSS
CVE
CVEadded 2016/08/02 4:59 p.m.161 views

CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

5.5CVSS5.9AI score0.00104EPSS
CVE
CVEadded 2017/03/27 3:59 p.m.107 views

CVE-2017-5973

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

5.5CVSS5.5AI score0.00026EPSS
CVE
CVEadded 2018/07/27 2:29 p.m.105 views

CVE-2018-10862

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

5.5CVSS5.5AI score0.00325EPSS
CVE
CVEadded 2014/06/05 8:55 p.m.92 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.07799EPSS
CVE
CVEadded 2018/08/20 9:29 p.m.89 views

CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.8AI score0.00145EPSS
CVE
CVEadded 2014/11/14 3:59 p.m.87 views

CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

5CVSS5.8AI score0.03847EPSS
CVE
CVEadded 2014/06/05 8:55 p.m.73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.59 views

CVE-2014-0148

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user abl...

5.5CVSS6.5AI score0.00061EPSS
CVE
CVEadded 2018/06/19 12:29 p.m.59 views

CVE-2018-1073

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

5.3CVSS5.5AI score0.00269EPSS