Red Hat Virtualization
Recent Red Hat Virtualization Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2024:10758 | (RHSA-2024:10758) Moderate: OpenShift Virtualization 4.12.15 Images | December 3, 2024 |
RHSA-2024:10389 | (RHSA-2024:10389) Moderate: OpenShift Virtualization 4.13.11 Images | November 26, 2024 |
RHSA-2024:5951 | (RHSA-2024:5951) Low: OpenShift Virtualization 4.15.5 Images | August 28, 2024 |
RHSA-2024:3473 | (RHSA-2024:3473) Moderate: OpenShift Virtualization 4.14.6 Images security update | May 29, 2024 |
RHSA-2024:3315 | (RHSA-2024:3315) Important: OpenShift Virtualization 4.13.9 Images security update | May 23, 2024 |
RHSA-2024:2060 | (RHSA-2024:2060) Important: OpenShift Virtualization 4.14.5 Images security update | April 25, 2024 |
RHSA-2024:0934 | (RHSA-2024:0934) Important: Red Hat Virtualization security and bug fix update | February 21, 2024 |
RHSA-2024:0273 | (RHSA-2024:0273) Important: OpenShift Virtualization 4.12.9 Images security and bug fix update | January 17, 2024 |
RHSA-2024:0033 | (RHSA-2024:0033) Moderate: Red Hat Virtualization Host 4.4.z SP 1 security update | January 3, 2024 |
RHSA-2023:7704 | (RHSA-2023:7704) Important: OpenShift Virtualization 4.14.1 security and bug fix update | December 7, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Virtualization. Last year Red Hat Virtualization had 3 security vulnerabilities published. Right now, Red Hat Virtualization is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 7.17 |
2022 | 13 | 7.11 |
2021 | 5 | 6.48 |
2020 | 4 | 7.05 |
2019 | 23 | 7.62 |
2018 | 52 | 7.36 |
It may take a day or so for new Red Hat Virtualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Virtualization Security Vulnerabilities
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules
CVE-2023-5366
5.5 - Medium
- October 06, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Insufficient Verification of Data Authenticity
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable
CVE-2023-4911
7.8 - High
- October 03, 2023
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Memory Corruption
A flaw was found in openvswitch (OVS)
CVE-2023-1668
8.2 - High
- April 10, 2023
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both the kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a non-zero IP protocol that match this datapath flow.
Always-Incorrect Control Flow Implementation
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style
CVE-2022-2805
6.5 - Medium
- October 19, 2022
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.
Cleartext Storage of Sensitive Information
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries
CVE-2014-0148
5.5 - Medium
- September 29, 2022
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance, resulting in DoS.
Infinite Loop
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could
CVE-2014-0144
8.6 - High
- September 29, 2022
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Improper Input Validation
Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots
CVE-2014-0147
6.2 - Medium
- September 29, 2022
Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
Integer Overflow or Wraparound
A permissive list of allowed inputs flaw was found in DPDK
CVE-2022-2132
8.6 - High
- August 31, 2022
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw
CVE-2022-2078
5.5 - Medium
- June 30, 2022
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing them to run code.
Stack Overflow
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c
CVE-2022-27666
7.8 - High
- March 23, 2022
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Memory Corruption
A flaw was found in the
CVE-2021-3609
7 - High
- March 03, 2022
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
Race Condition
A flaw was found in Ansible Engine's ansible-connection module
CVE-2021-3620
5.5 - Medium
- March 03, 2022
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Generation of Error Message Containing Sensitive Information
A flaw was found in postgresql
CVE-2021-3677
6.5 - Medium
- March 02, 2022
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
Information Disclosure
A flaw was found in the way Samba maps domain users to local users
CVE-2020-25717
8.1 - High
- February 18, 2022
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Improper Input Validation
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast
CVE-2021-3578
7.8 - High
- February 16, 2022
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Incorrect Type Conversion or Cast
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser
CVE-2021-4154
8.8 - High
- February 04, 2022
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Dangling pointer
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection
CVE-2021-3621
8.8 - High
- December 23, 2021
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Shell injection
A flaw has been found in libssh in versions prior to 0.9.6
CVE-2021-3634
6.5 - Medium
- August 31, 2021
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a single length variable, which worked as long as the buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a "secret_hash" of a different size than the session_id. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.
Memory Corruption
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1
CVE-2019-14850
3.7 - Low
- March 18, 2021
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Network Amplification
A flaw was found in multiple versions of OpenvSwitch
CVE-2020-27827
7.5 - High
- March 18, 2021
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Resource Exhaustion
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API
CVE-2020-25657
5.9 - Medium
- January 12, 2021
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Covert Timing Channel
A flaw was found in ovirt-engine 4.4.3 and earlier
CVE-2020-35497
6.5 - Medium
- December 21, 2020
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Authorization
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8
CVE-2019-19336
6.1 - Medium
- March 19, 2020
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
XSS
A flaw was found in PostgreSQL's "ALTER
CVE-2020-1720
6.5 - Medium
- March 17, 2020
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
AuthZ
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding
CVE-2019-14859
9.1 - Critical
- January 02, 2020
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Improper Verification of Cryptographic Signature
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket
CVE-2019-14818
7.5 - High
- November 14, 2019
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Memory Leak
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account
CVE-2019-14287
8.8 - High
- October 17, 2019
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Improper Handling of Exceptional Conditions
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel
CVE-2019-14816
7.8 - High
- September 20, 2019
There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Heap-based Buffer Overflow
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality
CVE-2019-14835
7.8 - High
- September 17, 2019
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality that translates virtqueue buffers to IOVs logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.
Classic Buffer Overflow
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API
CVE-2019-10166
7.8 - High
- August 02, 2019
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
Authorization
The virConnectGetDomainCapabilities() libvirt API
CVE-2019-10167
7.8 - High
- August 02, 2019
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Authorization
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs
CVE-2019-10168
7.8 - High
- August 02, 2019
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Authorization
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions
CVE-2019-10194
5.5 - Medium
- July 11, 2019
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Insertion of Sensitive Information into Log File
Jonathan Looney discovered
CVE-2019-11477
7.5 - High
- June 19, 2019
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Integer Overflow or Wraparound
Jonathan Looney discovered
CVE-2019-11478
7.5 - High
- June 19, 2019
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Resource Exhaustion
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes
CVE-2019-11479
7.5 - High
- June 19, 2019
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Allocation of Resources Without Limits or Throttling
A flaw was found in the Linux kernel
CVE-2019-10126
9.8 - Critical
- June 14, 2019
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
Heap-based Buffer Overflow
A vulnerability was found in Undertow web server before 2.0.21
CVE-2019-3888
9.8 - Critical
- June 12, 2019
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
Insertion of Sensitive Information into Log File
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev
CVE-2019-11463
6.5 - Medium
- April 23, 2019
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
Memory Leak
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack
CVE-2019-3804
7.5 - High
- March 26, 2019
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
Missing Initialization of Resource
It was discovered that in the ovirt's REST API before version 4.3.2.1
CVE-2019-3879
6.5 - Medium
- March 25, 2019
It was discovered that in oVirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploit this flaw to delete disks attached to guests.
Permission Issues
A flaw was found in sssd Group Policy Objects implementation
CVE-2018-16838
5.4 - Medium
- March 25, 2019
A flaw was found in sssd's Group Policy Objects implementation. When the GPO is not readable by SSSD due to too-strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
Improper Privilege Management
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-7221
7.8 - High
- March 21, 2019
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Dangling pointer
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting
CVE-2019-6974
8.1 - High
- February 15, 2019
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Race Condition
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt
CVE-2019-3813
7.5 - High
- February 04, 2019
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
off-by-five
A denial of service vulnerability was found in rsyslog in the imptcp module
CVE-2018-16881
7.5 - High
- January 25, 2019
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Integer Overflow or Wraparound
An allocation of memory without limits
CVE-2018-16865
7.8 - High
- January 11, 2019
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Allocation of Resources Without Limits or Throttling
An allocation of memory without limits
CVE-2018-16864
7.8 - High
- January 11, 2019
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
Allocation of Resources Without Limits or Throttling
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion
CVE-2018-9568
7.8 - High
- December 06, 2018
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
Incorrect Type Conversion or Cast
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr
CVE-2018-14660
6.5 - Medium
- November 01, 2018
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of the GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repetitively, resulting in memory exhaustion of the glusterfs server node.
Resource Exhaustion
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses
CVE-2018-18445
7.8 - High
- October 17, 2018
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
Out-of-bounds Read
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which
CVE-2018-17963
9.8 - Critical
- October 09, 2018
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Integer Overflow or Wraparound
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server
CVE-2018-1000805
8.8 - High
- October 08, 2018
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
AuthZ
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store
CVE-2018-1000808
5.9 - Medium
- October 08, 2018
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. Whether this attack is exploitable depends upon the calling application; however, it could be as simple as initiating a TLS connection, or anything that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
Improper Resource Shutdown or Release
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11
CVE-2018-17972
5.5 - Medium
- October 03, 2018
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.
Race Condition
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel in the way an authentication request
CVE-2018-14633
7 - High
- September 25, 2018
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Stack Overflow
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c
CVE-2018-17205
7.5 - High
- September 19, 2018
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains a list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS hits an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
assertion failure
An information leak vulnerability was found in Undertow
CVE-2018-14642
5.3 - Medium
- September 18, 2018
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Information Disclosure