VIR Vulnerability Intelligence Relay

Search

Found 645 results in 168ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5008 critical 9.8 9.8 FIX slesdebian debian redhat 10y ago libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC sess…
CVE-2016-5009 medium 6.5 6.5 FIX slesdebian debian rhel redhat 10y ago The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-4428 medium 5.4 5.4 FIX slesdebian debian rhel openstackredhat 10y ago OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
CVE-2016-2074 critical 9.8 9.8 FIX debian debian openvswitchredhat 10y ago Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demons…
CVE-2016-2141 critical 9.8 9.8 slesdebian debian rhel redhat 10y ago Improper Input Validation in JGroups
CVE-2016-3711 low 3.3 3.3 sles redhat 10y ago HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVE-2016-3703 medium 5.3 5.3 redhat 10y ago Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote …
CVE-2016-2149 medium 6.5 6.5 redhat 10y ago Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2016-2142 medium 5.5 5.5 redhat 10y ago Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by re…
CVE-2014-8177 medium 6.5 6.5 rhel redhat 10y ago The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted…
CVE-2015-5041 critical 9.1 9.1 suse suse ibmredhat 10y ago The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject …
CVE-2016-4020 medium 6.5 6.5 FIX sles rhelubuntu ubuntu qemuredhat 10y ago The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory …
CVE-2014-3672 medium 6.5 6.5 FIX slesdebian debian redhat 10y ago The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-0264 medium 5.6 5.6 sles rhelsuse suse ibmredhatsuse 10y ago Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP…
CVE-2016-3727 medium 4.3 4.3 jenkinsredhat 10y ago Jenkins Exposes Sensitive Information via API URL
CVE-2016-3725 medium 4.3 4.3 jenkinsredhat 10y ago Missing permissions check in Jenkins Core
CVE-2016-3724 medium 6.5 6.5 redhatjenkins 10y ago Jenkins Exposes Sensitive Information from Job Configuration
CVE-2016-3723 medium 4.3 4.3 jenkinsredhat 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722 medium 4.3 4.3 jenkinsredhat 10y ago Incorrect Authorization in Jenkins Core
CVE-2016-3721 medium 4.3 4.3 redhatjenkins 10y ago Jenkins allows Remote Users to Inject Build Parameters
CVE-2016-0695 medium 5.9 5.9 FIX sles rheldebian debian oracleredhat 10y ago Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2015-5247 medium 6.5 6.5 FIX debian debianubuntu ubuntu redhat 10y ago The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl…
CVE-2011-4600 medium 5.9 5.9 FIX debian debianubuntu ubuntu redhat 10y ago The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow rem…
CVE-2016-3079 medium 6.1 6.1 sles redhat 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems…
CVE-2016-2103 medium 6.1 6.1 sles redhat 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/…
CVE-2015-0284 medium 5.4 5.4 redhat 10y ago Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the …
CVE-2015-7545 critical 9.8 9.8 FIX slesdebian debiansuse suse git_projectredhat 10y ago The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot…
CVE-2015-7528 medium 5.3 5.3 FIX debian debian kubernetesredhat 10y ago Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
CVE-2015-7502 medium 5.1 5.1 redhat 10y ago Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users …
CVE-2015-5313 low 2.5 2.5 FIX debian debian redhat 10y ago Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows l…
CVE-2015-5233 medium 4.2 4.2 theforemanredhat 10y ago Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary h…
CVE-2016-0791 critical 9.8 9.8 redhatjenkins 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-0790 medium 5.3 5.3 jenkinsredhat 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-0789 medium 6.1 6.1 jenkinsredhat 10y ago Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2016-0788 critical 9.8 9.8 jenkinsredhat 10y ago Jenkins allows Execution of Code by Opening a JRMP Listener
CVE-2015-5295 medium 5.4 5.4 FIX slesdebian debianfedora fedora openstackredhat 11y ago The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory cons…
CVE-2015-7512 critical 9.0 9.0 FIX rheldebian debian qemuredhat 11y ago Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary …
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-5304 low 3.5 redhat 11y ago Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Aud…
CVE-2015-5006 low 2.1 suse suse rhel ibmredhat 11y ago IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attacke…
CVE-2015-5302 medium 5.0 redhat 11y ago libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1)…
CVE-2015-5287 medium 7.9 EXP rhel redhat 11y ago The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable na…
CVE-2015-5273 low 4.6 EXP rhel redhat 11y ago The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio i…
CVE-2015-5245 medium 4.3 FIX debian debian redhat 11y ago CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…
CVE-2015-8103 critical 9.8 10.0 EXP redhatjenkins 11y ago Jenkins CLI Deserialization of Untrusted Data vulnerability
CVE-2015-5326 medium 4.3 jenkinsredhat 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-5324 medium 5.0 jenkinsredhat 11y ago Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5323 medium 6.5 redhatjenkins 11y ago Jenkins allows Administrators to Access API Tokens
CVE-2015-5322 medium 5.0 redhatjenkins 11y ago Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321 medium 5.0 redhatjenkins 11y ago Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320 medium 5.0 redhatjenkins 11y ago Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319 medium 5.0 redhatjenkins 11y ago Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2015-5318 medium 6.8 jenkinsredhat 11y ago Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-5242 medium 6.0 redhat 11y ago OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a cra…
CVE-2015-5305 medium 6.4 FIX debian debian redhat 11y ago Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handle…
CVE-2015-5220 medium 5.0 redhat 11y ago The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption)…
CVE-2015-5188 medium 6.8 redhat 11y ago Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.C…
CVE-2015-5178 medium 4.3 redhat 11y ago The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for …
CVE-2015-1813 medium 4.3 jenkinsredhat 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812 medium 4.3 jenkinsredhat 11y ago Jenkins Cross-site Scripting vulnerability
CVE-2015-1810 medium 4.6 jenkinsredhat 11y ago Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2015-1808 low 3.5 jenkinsredhat 11y ago Jenkins Vulnerable to Denial of Service (DoS)
CVE-2015-1807 low 3.5 jenkinsredhat 11y ago Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building …
CVE-2015-1806 medium 6.5 jenkinsredhat 11y ago Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2015-5235 medium 4.3 FIX debian debiansuse susefedora fedora redhat 11y ago IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving …
CVE-2015-5234 medium 6.8 FIX debian debiansuse susefedora fedora redhat 11y ago IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass use…
CVE-2015-5274 medium 6.5 redhat 11y ago rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
CVE-2015-5250 medium 4.0 redhat 11y ago Denial of Service in OpenShift Origin in github.com/openshift/origin
CVE-2015-1841 low 3.7 redhat 11y ago The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.
CVE-2015-3214 medium 7.9 EXPFIX debian debian linux-kernel rhel qemuredhat 11y ago The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitra…
CVE-2015-0298 medium 4.3 redhat 11y ago Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
CVE-2015-5165 critical 9.3 FIX sles rheldebian debian suseredhat 11y ago The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-3908 medium 4.3 FIX debian debian redhat 11y ago Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle …
CVE-2015-5176 medium 5.8 redhat 11y ago The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to r…
CVE-2015-3267 medium 4.3 redhat 11y ago Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-3245 low 3.1 EXPFIX debian debian redhat 11y ago Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a de…
CVE-2015-3244 medium 4.9 redhat 11y ago The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso…
CVE-2014-8175 medium 6.0 redhat 11y ago Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2013-7398 medium 4.3 FIX debian debian async-http-client_projectredhat 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2013-7397 medium 4.3 FIX debian debian redhatasync-http-client_project 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2015-3201 low 2.1 redhat 11y ago Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
CVE-2015-0267 low 3.6 FIX debian debian redhat 11y ago The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlin…
CVE-2015-0257 low 2.1 redhat 11y ago Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local …
CVE-2015-0237 medium 6.8 redhat 11y ago Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users t…
CVE-2015-0297 critical 9.0 redhat 11y ago Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) Sched…
CVE-2014-3586 low 2.1 redhat 11y ago The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-h…
CVE-2015-1842 critical 10.0 redhat 11y ago The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary she…
CVE-2015-1843 medium 4.3 FIX debian debian redhat 11y ago The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to condu…
CVE-2015-2808 low 3.7 3.7 FIX slesdebian debian rhel oracleredhatsuse 11y ago The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to cond…
CVE-2015-0279 medium 6.8 redhat 11y ago JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVE-2015-0250 medium 6.4 FIX slesdebian debianubuntu ubuntu apacheredhat 11y ago Improper Input Validation in Apache Batik
CVE-2015-0271 medium 4.0 FIX debian debian redhat 11y ago The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2014-8115 medium 6.5 redhat 11y ago The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspeci…
CVE-2014-8114 medium 6.8 redhat 11y ago UberFire Framework Improperly Restricts Paths
CVE-2014-0005 low 3.6 redhat 11y ago PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the app…
CVE-2014-8122 medium 4.3 redhat 12y ago Information disclosure in JBoss Weld
CVE-2014-7853 medium 4.0 redhat 12y ago The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to t…
CVE-2014-7849 medium 4.0 redhat 12y ago The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authentic…
CVE-2014-7827 low 3.5 redhat 12y ago The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a…
CVE-2014-0151 medium 6.8 redhat 12y ago Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a RE…