VIR Vulnerability Intelligence Relay

Search

Found 786 results in 116ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-48795 medium 5.9 5.9 FIX rhel rockydebian debian apacheopenbsdputty 3y ago The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-4911 high 7.8 10.0 KEVEXPFIX rhel rocky sles gnuredhatnetapp 3y ago GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileg…
CVE-2023-4527 medium 6.5 6.5 FIX rhel rocky sles gnuredhat 3y ago RHSA-2023:5455: glibc security update (Important)
CVE-2011-0720 high 7.5 ploneredhat 4y ago Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and…
CVE-2014-3498 high 8.8 8.8 FIX debian debian redhat 4y ago The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
CVE-2014-3708 medium 4.0 FIX slesdebian debian openstackredhat 4y ago OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re…
CVE-2016-3072 high 8.8 8.8 rhel katelloredhat 4y ago Katello SQL Injection vulnerabilities
CVE-2017-7549 medium 6.4 6.4 openstackredhat 4y ago A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, wher…
CVE-2022-0492 high 7.8 10.0 KEVEXPFIX sles rockydebian debian redhatnetapp 4y ago Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
CVE-2021-4104 high 7.5 7.5 FIX debian debian sles rocky apacheredhatoracle 5y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2019-11135 medium 6.5 6.5 FIX arch arch slesdebian debian slackwarehpintel 6y ago TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-7317 medium 5.3 5.3 FIX arch arch slesdebian debian libpngoraclehp 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2018-17958 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu qemuredhat 8y ago Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-3639 medium 5.5 6.5 EXPFIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2014-0120 high 8.8 8.8 hawtredhat 9y ago Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se…
CVE-2017-16818 medium 6.5 6.5 FIX debian debian slesfedora fedora redhat 9y ago RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privil…
CVE-2013-6465 medium 5.4 5.4 redhat 9y ago Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
CVE-2017-1000407 high 7.4 7.4 FIX slesarch archdebian debian redhat 9y ago The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
CVE-2017-1000410 high 7.5 7.5 FIX arch arch slesdebian debian redhat 9y ago The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of…
CVE-2017-15114 high 8.1 8.1 redhat 9y ago When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authenticati…
CVE-2017-15100 medium 6.1 6.1 theforemanredhat 9y ago An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends…
CVE-2016-8610 high 7.5 7.5 FIX sles rheldebian debian opensslredhatnetapp 9y ago A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote…
CVE-2017-15087 high 7.5 7.5 FIX rheldebian debian redhat 9y ago It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-15086 high 7.4 7.4 FIX rheldebian debian redhat 9y ago It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-15085 medium 5.9 5.9 FIX rheldebian debian redhat 9y ago It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-1000256 high 8.1 8.1 FIX debian debian redhat 9y ago libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVE-2017-12160 high 7.2 7.2 redhat 9y ago Keycloak Oauth Implementation Error
CVE-2017-12159 high 7.5 7.5 rhel redhatkeycloak 9y ago Keycloak CSRF Vulnerability
CVE-2017-12158 medium 5.4 5.4 rhel redhatkeycloak 9y ago Keycloak Reflected XSS
CVE-2013-3734 medium 6.6 6.6 redhat 9y ago The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive…
CVE-2017-12613 high 7.1 7.1 FIX debian debian slesarch arch apacheredhat 9y ago When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting t…
CVE-2017-10388 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10384 medium 6.5 6.5 slesdebian debian rhel oraclemariadbnetapp 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily expl…
CVE-2017-10379 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Ea…
CVE-2017-10378 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. …
CVE-2017-10357 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded…
CVE-2017-10356 medium 6.2 6.2 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe…
CVE-2017-10355 medium 5.3 6.3 EXPFIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10350 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil…
CVE-2017-10349 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10348 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10347 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10345 low 3.1 3.1 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-10309 high 7.1 8.1 EXPFIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…
CVE-2017-10295 medium 4.0 4.0 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10281 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-10268 medium 4.1 4.1 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier…
CVE-2014-7813 medium 6.5 6.5 redhat 9y ago Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack …
CVE-2014-3706 medium 5.9 5.9 redhat 9y ago ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
CVE-2014-7851 high 7.5 7.5 ovirtredhat 9y ago oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that us…
CVE-2014-0029 medium 6.1 6.1 redhat 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2017-7554 medium 6.1 6.1 redhat 9y ago It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap…
CVE-2017-7553 medium 6.3 6.3 redhat 9y ago The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpo…
CVE-2015-0238 low 3.3 3.3 redhat 9y ago selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
CVE-2014-8170 high 8.8 8.8 ovirtredhat 9y ago ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, …
CVE-2015-5184 high 7.5 7.5 redhat 9y ago Console: CORS headers set to allow all in Red Hat AMQ.
CVE-2015-5183 high 7.5 7.5 redhat 9y ago Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
CVE-2015-5182 high 8.8 8.8 redhat 9y ago Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
CVE-2015-5181 medium 5.4 5.4 redhat 9y ago The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
CVE-2015-5248 medium 6.5 6.5 redhat 9y ago Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
CVE-2015-1849 medium 5.9 5.9 redhat 9y ago AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential pas…
CVE-2017-1002151 high 7.5 7.5 FIX debian debian redhat 9y ago Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
CVE-2017-7561 high 7.5 7.5 FIX debian debian redhat 9y ago Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
CVE-2017-7560 medium 5.5 5.5 sles redhat 9y ago It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.
CVE-2015-3163 medium 4.3 4.3 redhat 9y ago The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEA…
CVE-2014-8163 medium 6.5 6.5 redhat 9y ago Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2014-8168 medium 6.1 6.1 redhat 9y ago Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2014-0141 medium 6.1 6.1 redhat 9y ago Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2015-5293 medium 5.9 5.9 redhat 9y ago Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a …
CVE-2017-11610 high 8.8 9.8 EXPFIX debian debianfedora fedora supervisordredhat 9y ago The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC req…
CVE-2016-6311 medium 5.3 5.3 redhat 9y ago Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
CVE-2016-6310 medium 5.5 5.5 redhat 9y ago oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
CVE-2016-6796 high 7.5 7.5 slesdebian debian rhel apachenetapporacle 9y ago Apache Tomcat vulnerable to SecurityManager bypass
CVE-2016-6797 high 7.5 7.5 slesdebian debian rhel apacheoraclenetapp 9y ago Incorrect Authorization in Apache Tomcat
CVE-2016-6794 medium 5.3 5.3 slesdebian debian rhel apacheredhatnetapp 9y ago System Property Disclosure in Apache Tomcat
CVE-2016-0762 medium 5.9 5.9 slesdebian debian rhel apacheredhatnetapp 9y ago Observable Discrepancy in Apache Tomcat
CVE-2017-3653 low 3.1 3.1 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Diffic…
CVE-2017-3651 medium 4.3 4.3 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. E…
CVE-2017-3641 medium 4.9 4.9 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily…
CVE-2017-3636 medium 5.3 5.3 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vul…
CVE-2017-10243 medium 6.5 6.5 FIX slesdebian debian rhel netapporacleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:…
CVE-2017-10116 high 8.3 8.3 FIX slesdebian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde…
CVE-2017-10115 high 7.5 7.5 FIX debian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u…
CVE-2017-10109 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em…
CVE-2017-10108 medium 5.3 5.3 FIX slesdebian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em…
CVE-2017-10105 medium 4.3 4.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows …
CVE-2017-10078 high 8.1 8.1 FIX slesdebian debian rhel oracleredhatphoenixcontact 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at…
CVE-2017-10067 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows …
CVE-2017-10053 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1…
CVE-2016-3113 medium 6.1 6.1 redhat 9y ago Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
CVE-2015-7561 low 3.1 3.1 kubernetesredhat 9y ago Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
CVE-2017-10664 high 7.5 7.5 FIX sles rheldebian debian qemuredhat 9y ago qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2016-8743 high 7.5 7.5 FIX debian debian sles rhel apachenetappredhat 9y ago Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
CVE-2017-7980 high 7.8 7.8 FIX sles rhelubuntu ubuntu qemuredhat 9y ago Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vec…
CVE-2015-3198 high 7.5 7.5 redhat 9y ago The Undertow module of WildFly allows source code disclosure
CVE-2016-4996 high 7.0 7.0 rhel redhat 9y ago discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local u…
CVE-2016-0764 medium 6.2 6.2 FIX slesdebian debian rhel redhat 9y ago Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux…
CVE-2016-7062 high 7.8 7.8 redhat 9y ago rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
CVE-2015-1795 high 7.8 7.8 FIX debian debian rhel redhat 9y ago Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.