VIR Vulnerability Intelligence Relay

Search

Found 532 results in 84ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-3667 medium 4.0 redhatjenkins 12y ago Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3663 medium 6.0 jenkinsredhat 12y ago Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2014-3662 medium 5.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661 medium 5.0 redhatjenkins 12y ago Jenkins Denial of Service vulnerability
CVE-2014-3681 medium 4.3 redhatjenkins 12y ago Jenkins Cross-site Scripting vulnerability
CVE-2014-3664 medium 4.0 jenkinsredhat 12y ago Jenkins Path Traversal vulnerability
CVE-2014-7283 medium 4.9 FIX debian debian linux-kernel redhat 12y ago The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a …
CVE-2014-3642 medium 6.5 redhat 12y ago vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, …
CVE-2014-3521 medium 5.5 redhat 12y ago The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2014-0140 medium 4.0 redhat 12y ago Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
CVE-2013-6496 medium 5.0 redhat 12y ago Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2014-3621 medium 4.0 FIX debian debianubuntu ubuntu rhel openstackredhat 12y ago The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo…
CVE-2014-3558 medium 5.0 FIX debian debian redhat 12y ago Improper Authentication in Hibernate Validator
CVE-2014-0170 medium 4.3 redhatjboss 12y ago Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
CVE-2014-3595 medium 4.3 suse suse redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-0152 medium 6.8 ovirtredhat 12y ago Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-3562 medium 5.0 FIX debian debian rhel fedoraprojectredhat 12y ago Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-4615 medium 5.0 FIX debian debianubuntu ubuntu redhatopenstack 12y ago The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl…
CVE-2014-3472 medium 4.9 redhat 12y ago The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
CVE-2014-3464 medium 5.5 redhat 12y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
CVE-2014-3518 medium 6.8 redhat 12y ago jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian debian rhel apacheredhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-3485 medium 4.0 redhat 12y ago The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via un…
CVE-2014-3489 medium 4.3 redhat 12y ago lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force atta…
CVE-2014-3486 medium 6.9 redhat 12y ago The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users …
CVE-2014-3481 medium 5.0 redhat 12y ago org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
CVE-2014-0248 medium 6.8 redhat 12y ago org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at…
CVE-2014-0184 medium 4.9 redhat 12y ago Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
CVE-2014-0180 medium 5.0 redhat 12y ago The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinit…
CVE-2014-0176 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2014-0035 medium 4.3 apacheredhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apacheredhat 12y ago Improper Input Validation in Apache CXF
CVE-2014-3496 critical 10.0 redhat 12y ago cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz…
CVE-2014-3470 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t…
CVE-2014-0221 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client…
CVE-2014-3469 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU…
CVE-2014-3467 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVE-2014-0042 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded pa…
CVE-2014-0041 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows m…
CVE-2014-0040 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, whi…
CVE-2013-6470 medium 5.0 redhat 12y ago The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid…
CVE-2014-3925 medium 5.0 FIX ubuntu ubuntu rheldebian debian redhat 12y ago sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing th…
CVE-2013-0199 medium 5.0 redhat 12y ago The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
CVE-2014-0137 medium 6.5 redhat 12y ago SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr…
CVE-2014-0078 medium 4.0 redhat 12y ago The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
CVE-2011-2514 medium 6.8 FIX debian debian redhat 12y ago The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victim…
CVE-2011-2513 medium 5.0 FIX debian debian redhat 12y ago The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the u…
CVE-2014-0149 medium 4.3 redhat 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
CVE-2013-6469 medium 6.5 redhat 12y ago JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these d…
CVE-2014-0071 medium 6.4 FIX debian debian redhat 12y ago PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
CVE-2013-2143 medium 7.5 EXP redhattheforeman 12y ago The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se…
CVE-2013-6456 medium 5.8 FIX debian debianfedora fedora redhat 12y ago The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the contain…
CVE-2010-2236 medium 6.0 redhat 12y ago The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users wit…
CVE-2013-5704 medium 5.0 FIX debian debian rhelmacos macos apacheredhatoracle 12y ago The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2013-6468 medium 6.5 redhat 12y ago JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or…
CVE-2014-0093 medium 5.8 redhat 12y ago Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be gr…
CVE-2013-1869 medium 4.3 redhat 12y ago CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting a…
CVE-2014-0086 medium 4.3 redhat 12y ago JBoss RichFaces Improper Input Validation vulnerability
CVE-2011-4580 medium 4.3 redhat 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2941 medium 5.8 redhat 12y ago Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ini…
CVE-2014-0081 medium 4.3 FIX suse suse rheldebian debian rubyonrailsredhat 13y ago Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remot…
CVE-2011-4083 medium 4.3 redhat 13y ago The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement…
CVE-2011-3590 medium 5.7 FIX debian debian redhat 13y ago The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH privat…
CVE-2011-3589 medium 5.7 FIX debian debian redhat 13y ago The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions f…
CVE-2011-3588 medium 5.7 FIX debian debian redhat 13y ago The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables…
CVE-2013-4415 medium 4.3 redhatsuse 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variab…
CVE-2012-1100 medium 5.8 redhat 13y ago Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login …
CVE-2012-0062 medium 5.8 redhat 13y ago Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
CVE-2012-0052 medium 5.8 redhat 13y ago Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered…
CVE-2011-4610 medium 5.0 redhat 13y ago JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attacke…
CVE-2012-3406 medium 6.8 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SP…
CVE-2012-3405 medium 5.0 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to …
CVE-2012-3404 medium 5.0 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to …
CVE-2014-1869 medium 4.3 debian debian redhatzeroclipboard_project 13y ago Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web …
CVE-2013-6393 medium 6.8 FIX debian debiansuse suseubuntu ubuntu pyyamlredhat 13y ago Heap Based Buffer Overflow in libyaml
CVE-2011-3377 medium 4.3 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network conne…
CVE-2012-0059 medium 4.9 4.9 redhat 13y ago A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error message…
CVE-2011-3344 medium 5.4 5.4 redhat 13y ago A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This c…
CVE-2011-2927 medium 5.4 5.4 redhat 13y ago A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages vi…
CVE-2011-2920 medium 5.5 5.5 redhat 13y ago A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through vario…
CVE-2011-2919 medium 4.3 redhat 13y ago Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the System…
CVE-2011-1594 medium 6.5 6.5 redhat 13y ago A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url…
CVE-2013-6491 medium 4.3 FIX debian debian openstackredhat 13y ago The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive i…
CVE-2014-0028 medium 4.3 FIX debian debian redhat 13y ago libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a reques…
CVE-2013-6458 medium 6.8 FIX debian debian redhat 13y ago Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify…
CVE-2013-6457 medium 5.2 FIX debian debian redhat 13y ago The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of se…
CVE-2013-6434 medium 4.3 redhat 13y ago The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which…
CVE-2013-1885 medium 4.3 redhat 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote atta…
CVE-2013-6443 medium 6.8 redhat 13y ago CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destruct…
CVE-2013-6448 medium 5.0 redhat 13y ago The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restr…
CVE-2013-6447 medium 5.0 redhat 13y ago Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier…
CVE-2013-4424 medium 4.3 redhat 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6439 critical 9.3 redhat 13y ago Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector…
CVE-2013-6391 medium 5.8 FIX debian debianubuntu ubuntu openstackredhat 13y ago The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to …
CVE-2013-2133 medium 5.5 rhel redhat 13y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS S…
CVE-2013-4214 medium 6.3 nagiosredhat 13y ago rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
CVE-2013-2029 medium 6.3 redhat 13y ago nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary n…
CVE-2013-4485 medium 4.0 FIX debian debian rhel fedoraprojectredhat 13y ago 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list…
CVE-2013-4282 medium 5.0 FIX sles rheldebian debian spice_projectredhat 13y ago Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.