Virtualization

This hub aggregates every CVE we track for Virtualization, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Virtualization.

• CVE-2023-5366Openvswitch don't match packets on nd_target field7.1Oct 6, 2023
• CVE-2023-4911Glibc: buffer overflow in ld.so leading to privilege escalationKEV7.8Oct 3, 2023
• CVE-2023-1668A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kern...8.2Apr 10, 2023
• CVE-2022-2805A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log f...6.5Oct 19, 2022
• CVE-2022-2132A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.8.6Aug 31, 2022
• CVE-2022-0207A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.4.7Aug 26, 2022
• CVE-2022-2078A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of...5.5Jun 30, 2022
• CVE-2022-0435A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the ...8.8Mar 25, 2022
• CVE-2022-0330A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the syst...7.8Mar 25, 2022
• CVE-2022-27666A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel hea...7.8Mar 23, 2022
• CVE-2021-3609.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. Th...7.0Mar 3, 2022
• CVE-2021-3620A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest ...5.5Mar 3, 2022
• CVE-2021-3677A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. Th...6.5Mar 2, 2022
• CVE-2020-25717A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.8.1Feb 18, 2022
• CVE-2021-3560It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivil...KEV7.8Feb 16, 2022