Redhat Virtualization vulnerabilities

CVE-2017-15119 [MEDIUM] CWE-400 CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.

CVE-2018-10862 [MEDIUM] CWE-22 CVE-2018-10862: WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, all WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

CVE-2017-15113 [HIGH] CWE-212 CVE-2017-15113: ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file w ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

CVE-2017-7539 [MEDIUM] CWE-617 CVE-2017-7539: An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server' An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resul

CVE-2016-8647 [MEDIUM] CWE-20 CVE-2016-8647: An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

CVE-2017-7481 [CRITICAL] CWE-20 CVE-2017-7481: Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not eval

CVE-2018-10875 [HIGH] CWE-426 CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be alt A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

CVE-2018-13405 [HIGH] CWE-269 CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to c The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is th

CVE-2018-10855 [MEDIUM] CWE-532 CVE-2018-10855: Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tas Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

CVE-2018-10874 [HIGH] CWE-426 CVE-2018-10874: In ansible it was found that inventory variables are loaded from current working directory when runn In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

CVE-2018-1073 [MEDIUM] CWE-209 CVE-2018-1073: The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-ex The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

CVE-2018-11806 [HIGH] CWE-787 CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

CVE-2018-1000180 [HIGH] CWE-327 CVE-2018-1000180: Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level in Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

CVE-2018-3639 [MEDIUM] CWE-203 CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory rea Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVE-2018-10237 [MEDIUM] CWE-770 CVE-2018-10237: Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with

CVE-2018-1059 [MEDIUM] CWE-200 CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range i The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

CVE-2018-1088 [HIGH] CWE-266 CVE-2018-1088: A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CVE-2017-12196 [MEDIUM] CWE-287 CVE-2017-12196: undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Diges undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

CVE-2018-8088 [CRITICAL] CVE-2018-8088: org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote att org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

CVE-2018-7750 [CRITICAL] CWE-287 CVE-2018-7750: transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client ca