redhat virtualization 4.0 vulnerabilities and exploits

(subscribe to this query)

6.5

CVSSv3

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak....

Redhat Undertow -Redhat Virtualization Host 4.0 Redhat Virtualization 4.2 Redhat Virtualization 4.0

6.5

CVSSv3

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory...

Gluster Glusterfs Redhat Virtualization Host 4.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server 7.0 Redhat Virtualization 4.0 Redhat Virtualization Host 4.0 Debian Debian Linux 9.0

5.5

CVSSv3

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality....

Redhat Ansible Automation Platform Early Access 2.0 Redhat Ansible Engine Redhat Openstack 1 Redhat Openstack 16.1 Redhat Virtualization 4.0 Redhat Virtualization For Ibm Power Little Endian 4.0 Redhat Virtualization Host 4.0 Redhat Virtualization Manager 4.4 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux For Power Little Endian 8.0

6.8

CVSSv3

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries....

Redhat Enterprise Virtualization 4.0

6.5

CVSSv3

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target...

Redhat Gluster Storage Redhat Enterprise Linux Virtualization 4.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server 7.0 Redhat Virtualization 4.0 Redhat Virtualization Host 4.0 Debian Debian Linux 9.0

5.3

CVSSv3

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts....

Ovirt Ovirt-engine Redhat Virtualization 4.0 Redhat Virtualization Host 4.01 Github repository available

6.5

CVSSv3

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings...

Postgresql Postgresql Redhat Virtualization 4.0

6.3

CVSSv3

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining...

Redhat Enterprise Virtualization 4.0

6.5

CVSSv3

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key....

Ovirt Ovirt-engine Redhat Virtualization 4.0

8.1

CVSSv3

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink....

Redhat Enterprise Linux Server 6.0 Redhat Gluster Storage Redhat Virtualization Host 4.0 Redhat Virtualization 4.0 Redhat Enterprise Linux Server 7.0 Opensuse Leap 15.1 Debian Debian Linux 9.04 Github repositories available

Get Started

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook