VIR Vulnerability Intelligence Relay

Search

Found 469 results in 90ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-5176 medium 5.8 redhat 11y ago The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to r…
CVE-2015-3267 medium 4.3 redhat 11y ago Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-3244 medium 4.9 redhat 11y ago The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso…
CVE-2014-8175 medium 6.0 redhat 11y ago Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2013-7398 medium 4.3 FIX debian debian async-http-client_projectredhat 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2013-7397 medium 4.3 FIX debian debian redhatasync-http-client_project 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2015-0237 medium 6.8 redhat 11y ago Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users t…
CVE-2015-1843 medium 4.3 FIX debian debian redhat 11y ago The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to condu…
CVE-2015-0279 medium 6.8 redhat 11y ago JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVE-2015-0250 medium 6.4 FIX slesdebian debianubuntu ubuntu apacheredhat 11y ago Improper Input Validation in Apache Batik
CVE-2015-0271 medium 4.0 FIX debian debian redhat 11y ago The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2014-8115 medium 6.5 redhat 11y ago The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspeci…
CVE-2014-8114 medium 6.8 redhat 11y ago UberFire Framework Improperly Restricts Paths
CVE-2014-8122 medium 4.3 redhat 12y ago Information disclosure in JBoss Weld
CVE-2014-7853 medium 4.0 redhat 12y ago The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to t…
CVE-2014-7849 medium 4.0 redhat 12y ago The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authentic…
CVE-2014-0151 medium 6.8 redhat 12y ago Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a RE…
CVE-2014-9623 medium 4.0 FIX debian debian redhatopenstack 12y ago OpenStack Glance Bypass the storage quota and Denial of service
CVE-2014-7814 medium 6.5 redhat 12y ago SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
CVE-2014-0171 medium 5.0 redhatodata4j_project 12y ago XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a…
CVE-2014-9493 medium 5.5 FIX debian debian redhatopenstack 12y ago The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
CVE-2014-8131 medium 4.0 FIX debian debian redhat 12y ago The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us…
CVE-2013-4399 medium 4.3 FIX debian debian redhat 12y ago The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cau…
CVE-2014-7852 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handl…
CVE-2014-9140 medium 5.0 FIX debian debian redhat 12y ago Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
CVE-2014-3703 medium 5.0 redhat 12y ago OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration…
CVE-2014-7816 medium 6.0 EXPFIX debian debian redhat 12y ago Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
CVE-2014-7839 medium 6.4 FIX debian debian redhat 12y ago XML External Entity Reference in RESTEasy
CVE-2014-7821 medium 4.0 FIX debian debianfedora fedora openstackredhat 12y ago OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVE-2014-8769 medium 6.4 FIX debian debian redhat 12y ago tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Dist…
CVE-2014-8768 medium 6.0 EXPFIX suse suseubuntu ubuntudebian debian redhat 12y ago Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a…
CVE-2014-8767 medium 5.0 FIX suse susedebian debian redhat 12y ago Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR f…
CVE-2014-0233 medium 6.5 redhat 12y ago Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr…
CVE-2014-7815 medium 5.0 FIX debian debiansuse suseubuntu ubuntu qemuredhat 12y ago The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7823 medium 5.0 FIX debian debian redhat 12y ago The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML…
CVE-2013-0336 medium 5.0 FIX debian debian redhat 12y ago The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
CVE-2014-3654 medium 4.3 suse suse redhatsuse 12y ago Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML …
CVE-2014-8333 medium 4.0 FIX debian debian rhel redhatopenstack 12y ago The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-0136 medium 5.0 redhat 12y ago The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
CVE-2014-5075 medium 6.8 redhatigniterealtime 12y ago The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)…
CVE-2014-7968 medium 5.0 redhat 12y ago VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
CVE-2014-3675 medium 5.0 redhat 12y ago Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2014-3573 medium 6.5 redhat 12y ago The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or…
CVE-2014-3680 medium 4.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667 medium 4.0 redhatjenkins 12y ago Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3663 medium 6.0 jenkinsredhat 12y ago Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2014-3662 medium 5.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661 medium 5.0 redhatjenkins 12y ago Jenkins Denial of Service vulnerability
CVE-2014-3681 medium 4.3 redhatjenkins 12y ago Jenkins Cross-site Scripting vulnerability
CVE-2014-3664 medium 4.0 jenkinsredhat 12y ago Jenkins Path Traversal vulnerability
CVE-2014-7283 medium 4.9 FIX debian debian linux-kernel redhat 12y ago The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a …
CVE-2014-3642 medium 6.5 redhat 12y ago vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, …
CVE-2014-3521 medium 5.5 redhat 12y ago The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2014-0140 medium 4.0 redhat 12y ago Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
CVE-2013-6496 medium 5.0 redhat 12y ago Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2014-3621 medium 4.0 FIX debian debianubuntu ubuntu rhel openstackredhat 12y ago The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo…
CVE-2014-3558 medium 5.0 FIX debian debian redhat 12y ago Improper Authentication in Hibernate Validator
CVE-2014-0170 medium 4.3 redhatjboss 12y ago Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
CVE-2014-3595 medium 4.3 suse suse redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-0152 medium 6.8 ovirtredhat 12y ago Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-3562 medium 5.0 FIX debian debian rhel fedoraprojectredhat 12y ago Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-4615 medium 5.0 FIX debian debianubuntu ubuntu redhatopenstack 12y ago The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl…
CVE-2014-3472 medium 4.9 redhat 12y ago The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
CVE-2014-3464 medium 5.5 redhat 12y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
CVE-2014-3518 medium 6.8 redhat 12y ago jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian debian rhel apacheredhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-3485 medium 4.0 redhat 12y ago The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via un…
CVE-2014-3489 medium 4.3 redhat 12y ago lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force atta…
CVE-2014-3486 medium 6.9 redhat 12y ago The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users …
CVE-2014-3481 medium 5.0 redhat 12y ago org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
CVE-2014-0248 medium 6.8 redhat 12y ago org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at…
CVE-2014-0184 medium 4.9 redhat 12y ago Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
CVE-2014-0180 medium 5.0 redhat 12y ago The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinit…
CVE-2014-0176 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2014-0035 medium 4.3 apacheredhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apacheredhat 12y ago Improper Input Validation in Apache CXF
CVE-2014-3470 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t…
CVE-2014-0221 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client…
CVE-2014-3469 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU…
CVE-2014-3467 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVE-2014-0042 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded pa…
CVE-2014-0041 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows m…
CVE-2014-0040 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, whi…
CVE-2013-6470 medium 5.0 redhat 12y ago The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid…
CVE-2014-3925 medium 5.0 FIX ubuntu ubuntu rheldebian debian redhat 12y ago sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing th…
CVE-2013-0199 medium 5.0 redhat 12y ago The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
CVE-2014-0137 medium 6.5 redhat 12y ago SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr…
CVE-2014-0078 medium 4.0 redhat 12y ago The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
CVE-2011-2514 medium 6.8 FIX debian debian redhat 12y ago The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victim…
CVE-2011-2513 medium 5.0 FIX debian debian redhat 12y ago The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the u…
CVE-2014-0149 medium 4.3 redhat 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
CVE-2013-6469 medium 6.5 redhat 12y ago JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these d…
CVE-2014-0071 medium 6.4 FIX debian debian redhat 12y ago PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
CVE-2013-2143 medium 7.5 EXP redhattheforeman 12y ago The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se…
CVE-2013-6456 medium 5.8 FIX debian debianfedora fedora redhat 12y ago The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the contain…
CVE-2010-2236 medium 6.0 redhat 12y ago The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users wit…
CVE-2013-5704 medium 5.0 FIX debian debian rhelmacos macos apacheredhatoracle 12y ago The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2013-6468 medium 6.5 redhat 12y ago JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or…
CVE-2014-0093 medium 5.8 redhat 12y ago Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be gr…