Redhat Virtualization vulnerabilities

128 known vulnerabilities affecting redhat/virtualization.

Total CVEs: 128
CISA KEV: 5 (actively exploited)
Public exploits: 11
Exploited in wild: 7
Severity breakdown: CRITICAL 17, HIGH 59, MEDIUM 49, LOW 3

Vulnerabilities

Page 3 of 7
CVE-2019-3804 | HIGH | CVSS 7.5 | v4.0 | 2019-03-26
CVE-2019-3804 [HIGH] CWE-909: It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly, resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
nvd
CVE-2019-3879 | HIGH | CVSS 8.1 | v4.2 | 2019-03-25
CVE-2019-3879 [HIGH] CWE-862: It was discovered that in oVirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploit this flaw to delete disks attached to guests.
nvd
CVE-2019-9636 | CRITICAL | CVSS 9.8 | v4.0 | 2019-03-08
CVE-2019-9636 [CRITICAL]: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A sp
nvd
CVE-2019-1559 | MEDIUM | CVSS 5.9 | v4.0 | 2019-02-27
CVE-2019-1559 [MEDIUM] CWE-203: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2018-16881 | HIGH | CVSS 7.5 | v4.0 | 2019-01-25
CVE-2018-16881 [HIGH] CWE-190: A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
nvd
CVE-2018-14660 | MEDIUM | CVSS 6.5 | v4.0 | 2018-11-01
CVE-2018-14660 [MEDIUM] CWE-400: A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repetitively, resulting in memory exhaustion of the glusterfs server node.
nvd
CVE-2018-14659 | MEDIUM | CVSS 6.5 | v4.0 | 2018-10-31
CVE-2018-14659 [MEDIUM] CWE-400: The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's ru
nvd
CVE-2018-14661 | MEDIUM | CVSS 6.5 | v4.0 | 2018-10-31
CVE-2018-14661 [MEDIUM] CWE-20: It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
nvd
CVE-2018-14654 | MEDIUM | CVSS 6.5 | v4.0 | 2018-10-31
CVE-2018-14654 [MEDIUM] CWE-22: The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
nvd
CVE-2018-17963 | CRITICAL | CVSS 9.8 | v4.0 | 2018-10-09
CVE-2018-17963 [CRITICAL] CWE-190: qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
nvd
CVE-2018-17958 | HIGH | CVSS 7.5 | v4.0 | 2018-10-09
CVE-2018-17958 [HIGH] CWE-190: Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
nvd
CVE-2018-1114 | MEDIUM | CVSS 6.5 | v4.0, v4.2 | 2018-09-11
CVE-2018-1114 [MEDIUM] CWE-400: It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
nvd
CVE-2018-10930 | MEDIUM | CVSS 6.5 | v4.0 | 2018-09-04
CVE-2018-10930 [MEDIUM] CWE-20: A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
nvd
CVE-2018-10858 | HIGH | CVSS 8.8 | v4.0 | 2018-08-22
CVE-2018-10858 [MEDIUM] CWE-20: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
nvd
CVE-2015-5160 | MEDIUM | CVSS 5.5 | v3.0 | 2018-08-20
CVE-2015-5160 [MEDIUM] CWE-200: libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
nvd
CVE-2018-10873 | HIGH | CVSS 8.8 | v4.0 | 2018-08-17
CVE-2018-10873 [HIGH] CWE-119: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
nvd
CVE-2018-10915 | HIGH | CVSS 7.5 | v4.0 | 2018-08-09
CVE-2018-10915 [HIGH] CWE-89: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher pri
nvd
CVE-2018-10908 | MEDIUM | CVSS 6.3 | v4.0 | 2018-08-09
CVE-2018-10908 [MEDIUM] CWE-20: It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.
nvd
CVE-2018-5390 | HIGH | CVSS 7.5 | v4.0 | 2018-08-06
CVE-2018-5390 [HIGH] CWE-400: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
nvd
CVE-2018-10897 | HIGH | CVSS 8.1 | v4.0 | 2018-08-01
CVE-2018-10897 [HIGH] CWE-59: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on
nvd