Latest redhat virtualization host Vulnerabilities

CVE-2023-6356
Kernel: null pointer dereference in nvmet_tcp_build_iovec
=8.6
=9.2
=8.6_ppc64le
=9.2_ppc64le
=8.6_aarch64
and 21 more
CVE-2023-6535
Kernel: null pointer dereference in nvmet_tcp_execute_request
=8.6
=9.2
=8.6_ppc64le
=9.2_ppc64le
=8.6_aarch64
and 21 more
CVE-2023-4911
GNU C Library Buffer Overflow Vulnerability
GNU glibc
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redhat Virtualization=4.0
Redhat Enterprise Linux=8.0
and 21 more
CVE-2022-1011
A flaw in the Linux Kernel found. If unprivileged users can mount FUSE filesystems, then can trigger use after free (UAF) that reads of write() buffers, allowing theft of (partial) /etc/shadow hashes ...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.17
Linux Linux kernel=5.17
Linux Linux kernel=5.17-rc1
Linux Linux kernel=5.17-rc2
and 181 more
CVE-2022-0847
Linux Kernel Privilege Escalation Vulnerability
redhat/kernel-rt<0:4.18.0-348.20.1.rt7.150.el8_5
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-147.64.1.el8_1
redhat/kernel-rt<0:4.18.0-193.79.1.rt13.129.el8_2
redhat/kernel<0:4.18.0-193.79.1.el8_2
redhat/kernel-rt<0:4.18.0-305.40.2.rt7.113.el8_4
and 183 more
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
CVE-2022-0492
A vulnerability was found in cgroup_release_agent_write in kernel/cgroup/cgroup-v1.c in the Linux kernel. In this flaw, under certain circumstances, the cgroups v1 release_agent feature can be used t...
redhat/kernel<0:2.6.32-754.47.1.el6
redhat/kernel-rt<0:3.10.0-1160.66.1.rt56.1207.el7
redhat/kernel<0:3.10.0-1160.66.1.el7
redhat/kernel<0:3.10.0-514.101.1.el7
redhat/kernel<0:3.10.0-693.103.1.el7
redhat/kernel<0:3.10.0-957.94.1.el7
and 214 more
CVE-2022-0516
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obta...
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-305.40.1.el8_4
Linux Linux kernel<5.17
Linux Linux kernel=5.17-rc1
Linux Linux kernel=5.17-rc2
Linux Linux kernel=5.17-rc3
and 172 more
CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 ...
redhat/kernel-rt<0:4.18.0-348.20.1.rt7.150.el8_5
redhat/kernel<0:4.18.0-348.20.1.el8_5
redhat/kernel<0:4.18.0-147.65.1.el8_1
redhat/kernel-rt<0:4.18.0-193.80.1.rt13.130.el8_2
redhat/kernel<0:4.18.0-193.80.1.el8_2
redhat/kernel-rt<0:4.18.0-305.40.1.rt7.112.el8_4
and 208 more
CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel<0:3.10.0-514.99.1.el7
redhat/kernel<0:3.10.0-693.99.1.el7
redhat/kernel<0:3.10.0-957.92.1.el7
redhat/kernel<0:3.10.0-1062.63.1.el7
and 246 more
CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
redhat/aide<0:0.14-11.el6_10.1
redhat/aide<0:0.15.1-13.el7_9.1
redhat/aide<0:0.16-14.el8_5.1
redhat/aide<0:0.16-11.el8_1.1
redhat/aide<0:0.16-11.el8_2.1
redhat/aide<0:0.16-14.el8_4.1
and 18 more
CVE-2022-0207
Ovirt Vdsm>=4.30.1<4.50.0.4
Redhat Virtualization=4.0
Redhat Virtualization For Ibm Power Little Endian=4.0
Redhat Virtualization Host=4.0
Redhat Enterprise Linux=8.0
CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 58 more
CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 56 more
CVE-2021-20316
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...
Samba Samba<4.15.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Redhat Virtualization Host=4.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Aus=8.6
and 6 more
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel>=2.6.12<4.4.293
Linux Linux kernel>=4.5<4.9.291
and 192 more
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
Linux Linux kernel=5.15-rc2
and 157 more
CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel
IBM Spectrum Copy Data Management>=2.2.0.0<=2.2.15.0
IBM Spectrum Protect Plus>=10.1.0<=10.1.10.2
Linux Linux kernel
and 161 more
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nes...
redhat/kernel-rt<0:3.10.0-1160.45.1.rt56.1185.el7
redhat/kernel<0:3.10.0-1160.45.1.el7
redhat/kernel<0:3.10.0-957.84.1.el7
redhat/kernel<0:3.10.0-1062.59.1.el7
redhat/kernel-rt<0:4.18.0-305.25.1.rt7.97.el8_4
redhat/kernel<0:4.18.0-305.25.1.el8_4
and 209 more
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...
redhat/ansible<0:2.9.27-1.el8a
redhat/ansible-core<0:2.11.6-1.el8a
redhat/ansible<0:2.9.27-1.el7ae
redhat/ansible<0:2.9.27-1.el8ae
redhat/ovirt-ansible-collection<0:1.6.5-1.el8e
=2.0
and 20 more
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into r...
redhat/sssd<0:1.16.5-10.el7_9.10
redhat/sssd<0:2.4.0-9.el8_4.2
redhat/sssd<0:2.2.0-19.el8_1.2
redhat/sssd<0:2.2.3-20.el8_2.1
redhat/redhat-virtualization-host<0:4.3.18-20210903.0.el7_9
redhat/redhat-virtualization-host<0:4.4.7-20210804.0.el8_4
and 15 more
CVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This ...
Linux Linux kernel>=2.6.25<4.4.276
Linux Linux kernel>=4.5<4.9.276
Linux Linux kernel>=4.10<4.14.240
Linux Linux kernel>=4.15<4.19.198
Linux Linux kernel>=4.20<5.4.132
Linux Linux kernel>=5.5.0<5.10.50
and 241 more
CVE-2021-3560
Red Hat Polkit Incorrect Authorization Vulnerability
redhat/polkit<0:0.115-11.el8_4.1
redhat/polkit<0:0.115-9.el8_1.1
redhat/polkit<0:0.115-11.el8_2.1
redhat/cri-o<0:1.20.3-6.rhaos4.7.git0d0f863.el8
redhat/dhcp<12:4.3.6-41.el8_3.1
redhat/openshift-clients<0:4.7.0-202106252127.p0.git.8b4b094.el7
and 13 more
CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could le...
redhat/kernel-rt<0:4.18.0-305.3.1.rt7.75.el8_4
redhat/kernel<0:4.18.0-305.3.1.el8_4
redhat/redhat-virtualization-host<0:4.4.6-20210615.0.el8_4
Linux Linux kernel<5.12
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux For Real Time=8
and 121 more
CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash th...
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
Linux Linux kernel<5.12
Fedoraproject Fedora=34
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 157 more
CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category...
redhat/kernel<0:2.6.32-754.29.2.el6
redhat/kernel-rt<0:3.10.0-1127.8.2.rt56.1103.el7
redhat/kernel<0:3.10.0-1127.8.2.el7
redhat/kernel-alt<0:4.14.0-115.21.2.el7a
redhat/kernel<0:3.10.0-327.88.1.el7
redhat/kernel<0:3.10.0-514.76.1.el7
and 115 more
CVE-2019-14835
A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs logged the buffer descriptors during migration. A privileged guest user able to...
redhat/kernel<0:2.6.32-754.23.1.el6
redhat/kernel<0:2.6.32-431.96.2.el6
redhat/kernel<0:2.6.32-504.81.2.el6
redhat/kernel-rt<0:3.10.0-1062.1.2.rt56.1025.el7
redhat/kernel<0:3.10.0-1062.1.2.el7
redhat/kernel-alt<0:4.14.0-115.13.1.el7a
and 182 more
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ri...
redhat/kernel<0:2.6.32-754.25.1.el6
redhat/kernel-rt<0:3.10.0-1062.7.1.rt56.1030.el7
redhat/kernel<0:3.10.0-1062.7.1.el7
redhat/kernel-alt<0:4.14.0-115.16.1.el7a
redhat/kernel<0:3.10.0-957.56.1.el7
redhat/kernel-rt<0:4.18.0-147.rt24.93.el8
and 149 more
CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique...
redhat/kernel<0:2.6.32-754.18.2.el6
redhat/kernel<0:2.6.32-431.96.1.el6
redhat/kernel<0:2.6.32-504.80.2.el6
redhat/kernel-rt<0:3.10.0-1062.1.1.rt56.1024.el7
redhat/kernel<0:3.10.0-1062.1.1.el7
redhat/kernel<0:3.10.0-327.82.1.el7
and 100 more
CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with...
redhat/libvirt<0:0.10.2-64.el6_10.2
redhat/libvirt<0:4.5.0-10.el7_6.12
redhat/redhat-release-virtualization-host<0:4.3.4-1.el7e
redhat/redhat-virtualization-host<0:4.3.4-20190620.3.el7_6
Redhat Libvirt<4.10.1
Redhat Libvirt>=5.0.0<5.4.1
and 22 more
CVE-2019-11479
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection was set to low values,...
redhat/kernel<0:2.6.32-754.15.3.el6
redhat/kernel<0:2.6.32-431.95.3.el6
redhat/kernel<0:2.6.32-504.79.3.el6
redhat/kernel-rt<0:3.10.0-957.21.3.rt56.935.el7
redhat/kernel<0:3.10.0-957.21.3.el7
redhat/kernel-alt<0:4.14.0-115.8.2.el7a
and 180 more
CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchang...
redhat/eap7-apache-commons-codec<0:1.11.0-2.redhat_00001.1.el6ea
redhat/eap7-apache-cxf<0:3.2.7-2.redhat_00002.1.el6ea
redhat/eap7-hal-console<0:3.0.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.10-1.Final_redhat_00001.1.el6ea
redhat/eap7-hornetq<0:2.4.7-7.Final_redhat_2.1.el6ea
redhat/eap7-ironjacamar<0:1.4.16-2.Final_redhat_00001.1.el6ea
and 79 more
CVE-2019-1559
OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. ...
redhat/openssl<0:1.0.1e-58.el6_10
redhat/openssl<1:1.0.2k-19.el7
redhat/jws5-ecj<0:4.12.0-1.redhat_1.1.el6
redhat/jws5-javapackages-tools<0:3.4.1-5.15.11.el6
redhat/jws5-jboss-logging<0:3.3.2-1.Final_redhat_00001.1.el6
redhat/jws5-tomcat<0:9.0.21-10.redhat_4.1.el6
and 226 more
CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
redhat/kernel-rt<0:3.10.0-1062.rt56.1022.el7
redhat/kernel<0:3.10.0-1062.el7
redhat/kernel-alt<0:4.14.0-115.18.1.el7a
redhat/kernel-rt<0:4.18.0-147.rt24.93.el8
redhat/kernel<0:4.18.0-147.el8
Linux Linux kernel<=5.1
and 90 more
CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787...
Linux Linux kernel>=3.2.95<3.2.100
Linux Linux kernel>=3.14.58<3.15
Linux Linux kernel>=3.18.25<3.18.88
Linux Linux kernel>=4.1.14<4.1.49
Linux Linux kernel>=4.2.7<4.3
Linux Linux kernel>=4.3.1<4.4.106
and 10 more
CVE-2018-18397
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt...
Linux Linux kernel<4.19.7
Redhat Openshift Container Platform=3.11
Redhat Virtualization Host=4.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.4
and 65 more
CVE-2018-14661
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authent...
Gluster GlusterFS=3.8.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Virtualization=4.0
Redhat Virtualization Host=4.0
Redhat Enterprise Linux=7.0
and 2 more
CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via netw...
ubuntu/paramiko<2.4.2
ubuntu/paramiko<1.10.1-1
ubuntu/paramiko<1.16.0-1ubuntu0.2
ubuntu/paramiko<2.0.0-1ubuntu1.1
ubuntu/paramiko<2.4.1-0ubuntu3.1
=1.17.6
and 70 more
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit th...
Redhat Gluster File System>=3.0.0<=3.1.2
Redhat Gluster File System>=4.1.0<=4.1.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
and 3 more
CVE-2018-14660
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple lo...
Gluster GlusterFS>=3.1.0<=3.1.2
Gluster GlusterFS>=4.1.0<=4.1.4
Redhat Virtualization Host=4.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Virtualization=4.0
and 2 more
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...
Redhat Gluster Storage<=4.1.4
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Virtualization=4.0
Redhat Virtualization=4.0
Redhat Virtualization Host=4.0
and 2 more
CVE-2018-10926
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute...
Redhat Virtualization Host=4.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux Server=6.0
and 4 more
CVE-2018-10858
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samb...
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Samba Samba<4.6.16
Samba Samba>=4.7.0<4.7.9
and 14 more
CVE-2018-10930
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
redhat/glusterfs<3.12.14
redhat/glusterfs<4.1.4
redhat/glusterfs<0:3.12.2-18.el6
redhat/glusterfs<0:3.12.2-18.el7
redhat/redhat-release-server<0:6Server-6.10.0.24.el6
redhat/redhat-storage-server<0:3.4.0.0-1.el6
and 16 more
CVE-2018-10929
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Gluster GlusterFS>=3.12<3.12.14
Gluster GlusterFS>=4.1<4.1.8
and 2 more
CVE-2018-10928
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use t...
redhat/glusterfs<0:3.12.2-18.el6
redhat/glusterfs<0:3.12.2-18.el7
redhat/redhat-release-server<0:6Server-6.10.0.24.el6
redhat/redhat-storage-server<0:3.4.0.0-1.el6
redhat/redhat-release-server<0:7.5-11.el7
redhat/redhat-storage-server<0:3.4.0.0-1.el7
and 14 more
CVE-2018-10927
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster br...
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Gluster GlusterFS>=3.12<3.12.14
Gluster GlusterFS>=4.1<4.1.8
and 2 more
CVE-2018-10923
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and rea...
redhat/glusterfs<3.12.14
redhat/glusterfs<4.1.4
Gluster GlusterFS>=3.12.0<3.12.14
Gluster GlusterFS>=4.1.0<4.1.8
Redhat Virtualization Host=4.0
Debian Debian Linux=8.0
and 4 more
CVE-2018-10914
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled...
Gluster GlusterFS>=3.12.0<3.12.14
Gluster GlusterFS>=4.1.0<4.1.8
Redhat Virtualization Host=4.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Debian Debian Linux=8.0
and 2 more
CVE-2018-10913
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
redhat/glusterfs<3.12.14
redhat/glusterfs<4.1.4
Gluster GlusterFS>=3.12.0<3.12.14
Gluster GlusterFS>=4.1.0<4.1.8
Redhat Virtualization Host=4.0
Debian Debian Linux=8.0
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203