VIR Vulnerability Intelligence Relay

Search

Found 358 results in 95ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-8595 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8594 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8587 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8586 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8584 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8583 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9…
CVE-2019-8571 low 2.5 FIX rockydebian debian rhel 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8563 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1…
CVE-2019-8559 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1…
CVE-2019-8558 low 3.5 EXPFIX rockydebian debian rhel 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1…
CVE-2019-8551 low 2.5 FIX sles rockydebian debian 7y ago A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web c…
CVE-2019-8544 low 2.5 FIX sles rockydebian debian 7y ago A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Proces…
CVE-2019-8536 low 2.5 FIX sles rockydebian debian 7y ago A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Proces…
CVE-2019-8535 low 2.5 FIX sles rockydebian debian 7y ago A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing malicio…
CVE-2019-8524 low 2.5 FIX rockydebian debian rhel 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing…
CVE-2019-8523 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing…
CVE-2019-8518 low 3.5 EXPFIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.1…
CVE-2019-6251 low 2.5 FIX arch arch rockydebian debian 7y ago WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a…
CVE-2019-6237 low 2.5 FIX rockydebian debian rhel 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-3820 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low)
CVE-2019-12795 low 2.5 FIX arch arch slesdebian debian 7y ago daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local atta…
CVE-2019-11459 low 2.5 FIX debian debian sles rocky 7y ago RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low)
CVE-2019-11070 low 2.5 FIX sles rockydebian debian 7y ago WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in dean…
CVE-2019-9824 low 2.5 FIX sles rockydebian debian 7y ago tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
CVE-2019-9755 low 2.5 FIX sles rockydebian debian 7y ago RHSA-2019:3345: virt:rhel security, bug fix, and enhancement update (Low)
CVE-2019-12155 low 2.5 FIX sles rockydebian debian 7y ago interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2020-15719 low 2.5 slesdebian debian rhel 7y ago RHBA-2019:3674: openldap bug fix and enhancement update (Low)
CVE-2019-7665 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)
CVE-2019-7664 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)
CVE-2019-7150 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)
CVE-2019-7149 low 2.5 FIX arch archdebian debian rhel 7y ago RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)
CVE-2019-7146 low 2.5 FIX slesdebian debian rhel 7y ago RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)
CVE-2019-6465 low 2.5 FIX debian debianarch arch sles 7y ago RHSA-2019:3552: bind security and bug fix update (Low)
CVE-2019-1543 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low)
CVE-2019-13313 low 2.5 FIX slesdebian debian rhel 7y ago RHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low)
CVE-2019-12312 low 2.5 FIX slesdebian debian rhel 7y ago RHSA-2019:3391: libreswan security and bug fix update (Low)
CVE-2019-10183 low 2.5 FIX slesdebian debian rhel 7y ago RHSA-2019:3464: virt-manager security, bug fix, and enhancement update (Low)
CVE-2019-10155 low 2.5 FIX debian debian rhel 7y ago RHSA-2019:3391: libreswan security and bug fix update (Low)
CVE-2018-6616 low 2.5 FIX slesdebian debian rhel 7y ago RHBA-2019:3408: openjpeg2 bug fix and enhancement update (Low)
CVE-2018-5745 low 2.5 FIX debian debianarch arch sles 7y ago RHSA-2019:3552: bind security and bug fix update (Low)
CVE-2018-20657 low 2.5 sles rhel 7y ago RHSA-2019:3352: gdb security, bug fix, and enhancement update (Low)
CVE-2018-16838 low 2.5 FIX slesdebian debian rhel 7y ago RHSA-2019:3651: sssd security, bug fix, and enhancement update (Low)
CVE-2018-10932 low 2.5 FIX sles rockydebian debian 7y ago RHSA-2019:3673: lldpad security and bug fix update (Low)
CVE-2018-0735 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low)
CVE-2018-0734 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low)
CVE-2019-11358 low 3.5 EXPFIX arch arch rockydebian debian 7y ago RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low)
CVE-2017-5081 low 3.3 3.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-10345 low 3.1 3.1 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-3653 low 3.1 3.1 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Diffic…
CVE-2017-10193 low 3.1 3.1 FIX slesdebian debian rhel oraclenetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…
CVE-2017-3544 low 3.7 3.7 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…
CVE-2017-3539 low 3.1 3.1 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121.…
CVE-2017-3533 low 3.7 3.7 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…
CVE-2016-4455 low 3.3 3.3 rhel redhat 9y ago The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain se…
CVE-2015-2877 low 3.3 3.3 debian debian linux-kernel rhel 9y ago Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other …
CVE-2016-1000033 low 3.7 3.7 FIX rheldebian debian gnome 10y ago Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
CVE-2016-5432 low 3.3 3.3 rhel redhat 10y ago The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
CVE-2016-5444 low 3.7 3.7 rhel oraclemariadbibm 10y ago Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta…
CVE-2016-3452 low 3.7 3.7 rhel oraclemariadbibm 10y ago Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta…
CVE-2016-3716 low 3.3 4.3 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-0643 low 3.3 3.3 sles rhelsuse suse ibmoraclemariadb 10y ago Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users…
CVE-2016-0610 low 3.5 slesdebian debianubuntu ubuntu oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related t…
CVE-2016-0609 low 1.7 slesdebian debianubuntu ubuntu mariadboracle 11y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use…
CVE-2016-0608 low 3.5 slesdebian debianubuntu ubuntu mariadboracle 11y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use…
CVE-2016-0607 low 2.8 slesubuntu ubuntususe suse oracle 11y ago Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
CVE-2016-0606 low 3.5 slesdebian debianubuntu ubuntu mariadboracle 11y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use…
CVE-2016-0605 low 2.1 slessuse suse rhel oracle 11y ago Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVE-2016-0600 low 3.5 slesdebian debianubuntu ubuntu mariadboracle 11y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use…
CVE-2016-0598 low 3.5 slesdebian debianubuntu ubuntu mariadboracle 11y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use…
CVE-2015-5006 low 2.1 suse suse rhel ibmredhat 11y ago IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attacke…
CVE-2015-5273 low 4.6 EXP rhel redhat 11y ago The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio i…
CVE-2015-5281 low 2.6 FIX debian debian rhel 11y ago The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a …
CVE-2015-4913 low 3.5 ubuntu ubuntudebian debiansuse suse oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vu…
CVE-2015-4910 low 2.1 rhel oracle 11y ago Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
CVE-2015-4890 low 3.5 rhel oracle 11y ago Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
CVE-2015-4864 low 3.5 ubuntu ubuntu rhel oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Pri…
CVE-2015-4861 low 3.5 ubuntu ubuntudebian debiansuse suse oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-4836 low 2.8 ubuntu ubuntudebian debiansuse suse oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVE-2015-4792 low 1.7 ubuntu ubuntudebian debiansuse suse oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, …
CVE-2015-4757 low 3.5 rhelubuntu ubuntudebian debian oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-0505 low 3.5 ubuntu ubuntudebian debian rhel oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2015-0499 low 3.5 ubuntu ubuntudebian debian rhel oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
CVE-2015-2808 low 3.7 3.7 FIX slesdebian debian rhel oracleredhatsuse 11y ago The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to cond…
CVE-2015-0236 low 3.5 FIX slesubuntu ubuntususe suse redhat 12y ago libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (…
CVE-2015-0374 low 3.5 ubuntu ubuntususe susedebian debian oraclemariadb 12y ago Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security…
CVE-2014-6568 low 3.5 ubuntu ubuntususe susedebian debian oraclemariadb 12y ago Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
CVE-2014-9585 low 2.1 FIX debian debianfedora fedorasuse suse 12y ago The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR …
CVE-2014-9584 low 2.1 FIX debian debiansuse suse rhel 12y ago The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows loca…
CVE-2014-8136 low 2.1 FIX debian debiansuse suse rhel redhat 12y ago The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denia…
CVE-2014-5353 low 3.5 FIX debian debianfedora fedora rhel mit 12y ago The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated us…
CVE-2014-3640 low 2.1 FIX debian debianubuntu ubuntu rhel qemu 12y ago The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a…
CVE-2014-3615 low 2.1 FIX slesdebian debiansuse suse qemuredhat 12y ago The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-3566 low 3.4 4.4 EXPFIX slesdebian debianfreebsd freebsd novellopensslibm 12y ago The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad…
CVE-2014-5177 low 1.2 FIX debian debiansuse suse rhel redhat 12y ago libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat…
CVE-2014-0179 low 1.9 FIX suse susedebian debian rhel redhat 12y ago libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction …
CVE-2014-4652 low 1.9 FIX debian debiansuse suse linux-kernel 12y ago Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users t…
CVE-2014-4027 low 2.3 FIX debian debianubuntu ubuntususe suse f5 12y ago The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensiti…
CVE-2014-4039 low 2.1 FIX suse suse rheldebian debian ppc64-diag_project 12y ago ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by rea…
CVE-2014-0249 low 3.3 FIX sles rheldebian debian fedoraproject 12y ago The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrict…
CVE-2014-3917 low 3.3 FIX debian debiansuse suse linux-kernel 12y ago kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel m…