VIR Vulnerability Intelligence Relay

Search

Found 738 results in 167ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5403 medium 5.5 5.5 FIX slesdebian debian rhel qemuredhat 10y ago The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without w…
CVE-2016-3737 critical 9.8 9.8 redhat 10y ago The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
CVE-2016-5387 high 8.1 8.1 FIX debian debian slesfedora fedora apachehporacle 10y ago The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…
CVE-2016-5008 critical 9.8 9.8 FIX slesdebian debian redhat 10y ago libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC sess…
CVE-2016-5009 medium 6.5 6.5 FIX slesdebian debian rhel redhat 10y ago The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-4985 high 7.5 7.5 FIX slesdebian debian redhatcanonical 10y ago OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4428 medium 5.4 5.4 FIX slesdebian debian rhel openstackredhat 10y ago OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
CVE-2016-2074 critical 9.8 9.8 FIX debian debian openvswitchredhat 10y ago Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demons…
CVE-2016-4474 high 8.8 8.8 redhat 10y ago The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a de…
CVE-2016-2141 critical 9.8 9.8 slesdebian debian rhel redhat 10y ago Improper Input Validation in JGroups
CVE-2016-3738 high 8.8 8.8 redhat 10y ago Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-…
CVE-2016-3708 high 7.1 7.1 redhat 10y ago Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users t…
CVE-2016-3703 medium 5.3 5.3 redhat 10y ago Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote …
CVE-2016-2160 high 8.8 8.8 redhat 10y ago Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2016-2149 medium 6.5 6.5 redhat 10y ago Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2016-2142 medium 5.5 5.5 redhat 10y ago Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by re…
CVE-2014-8177 medium 6.5 6.5 rhel redhat 10y ago The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted…
CVE-2015-5041 critical 9.1 9.1 suse suse ibmredhat 10y ago The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject …
CVE-2016-3096 high 7.8 7.8 FIX debian debianfedora fedora redhat 10y ago The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /…
CVE-2016-0376 high 8.1 8.1 slessuse suse rhel novellibmredhat 10y ago The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40…
CVE-2016-0363 high 8.1 8.1 slessuse suse rhel redhatnovellibm 10y ago The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.…
CVE-2016-5126 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu qemuredhat 10y ago Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code vi…
CVE-2016-4020 medium 6.5 6.5 FIX sles rhelubuntu ubuntu qemuredhat 10y ago The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory …
CVE-2014-3672 medium 6.5 6.5 FIX slesdebian debian redhat 10y ago The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-0264 medium 5.6 5.6 sles rhelsuse suse ibmredhatsuse 10y ago Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP…
CVE-2016-3727 medium 4.3 4.3 jenkinsredhat 10y ago Jenkins Exposes Sensitive Information via API URL
CVE-2016-3726 high 7.4 7.4 jenkinsredhat 10y ago Jenkins affected by Open Redirect Vulnerability
CVE-2016-3725 medium 4.3 4.3 jenkinsredhat 10y ago Missing permissions check in Jenkins Core
CVE-2016-3724 medium 6.5 6.5 redhatjenkins 10y ago Jenkins Exposes Sensitive Information from Job Configuration
CVE-2016-3723 medium 4.3 4.3 jenkinsredhat 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722 medium 4.3 4.3 jenkinsredhat 10y ago Incorrect Authorization in Jenkins Core
CVE-2016-3721 medium 4.3 4.3 redhatjenkins 10y ago Jenkins allows Remote Users to Inject Build Parameters
CVE-2016-3627 high 7.5 7.5 FIX slesubuntu ubuntudebian debian hpxmlsoftredhat 10y ago The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consum…
CVE-2016-3710 high 8.8 8.8 FIX slesubuntu ubuntudebian debian hpqemuoracle 10y ago The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes …
CVE-2016-0695 medium 5.9 5.9 FIX sles rheldebian debian oracleredhat 10y ago Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2015-5271 high 7.5 7.5 redhatopenstack 10y ago The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline w…
CVE-2015-5247 medium 6.5 6.5 FIX debian debianubuntu ubuntu redhat 10y ago The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl…
CVE-2011-4600 medium 5.9 5.9 FIX debian debianubuntu ubuntu redhat 10y ago The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow rem…
CVE-2016-3079 medium 6.1 6.1 sles redhat 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems…
CVE-2016-2103 medium 6.1 6.1 sles redhat 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/…
CVE-2015-0284 medium 5.4 5.4 redhat 10y ago Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the …
CVE-2015-8080 high 7.5 7.5 FIX suse susedebian debian redislabsredhatredis 10y ago Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to ca…
CVE-2015-7545 critical 9.8 9.8 FIX slesdebian debiansuse suse git_projectredhat 10y ago The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot…
CVE-2016-2857 high 8.4 8.4 FIX slesubuntu ubuntudebian debian qemuredhat 10y ago The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568 high 8.8 8.8 FIX slesdebian debian rhel qemuredhat 10y ago Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary co…
CVE-2015-7528 medium 5.3 5.3 FIX debian debian kubernetesredhat 10y ago Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
CVE-2015-7502 medium 5.1 5.1 redhat 10y ago Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users …
CVE-2015-5329 high 7.3 7.3 redhat 10y ago The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem…
CVE-2015-5233 medium 4.2 4.2 theforemanredhat 10y ago Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary h…
CVE-2016-0792 high 8.8 9.8 EXP jenkinsredhat 10y ago Jenkins allows Deserialization of Untrusted Data via an XML File
CVE-2016-0791 critical 9.8 9.8 redhatjenkins 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-0790 medium 5.3 5.3 jenkinsredhat 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-0789 medium 6.1 6.1 jenkinsredhat 10y ago Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2016-0788 critical 9.8 9.8 jenkinsredhat 10y ago Jenkins allows Execution of Code by Opening a JRMP Listener
CVE-2016-1714 high 8.1 8.1 FIX slesdebian debian redhatqemu 10y ago The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_…
CVE-2016-0793 high 7.5 8.5 EXP redhat 10y ago WildFly has incomplete blacklist vulnerability
CVE-2016-0636 high 8.1 8.1 FIX rheldebian debian oracleredhat 10y ago Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-componen…
CVE-2016-0742 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu f5appleredhat 10y ago The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2015-7539 high 7.5 7.5 jenkinsredhat 11y ago Jenkins does not Verify Checksums for Plugin Files
CVE-2015-7538 high 8.8 8.8 jenkinsredhat 11y ago Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-7537 high 8.8 8.8 redhatjenkins 11y ago Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-5295 medium 5.4 5.4 FIX slesdebian debianfedora fedora openstackredhat 11y ago The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory cons…
CVE-2015-1779 high 8.6 8.6 FIX slesubuntu ubuntu rhel qemuredhat 11y ago The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512 critical 9.0 9.0 FIX rheldebian debian qemuredhat 11y ago Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary …
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-5302 medium 5.0 redhat 11y ago libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1)…
CVE-2015-5287 medium 7.9 EXP rhel redhat 11y ago The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable na…
CVE-2015-5245 medium 4.3 FIX debian debian redhat 11y ago CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…
CVE-2015-8103 critical 9.8 10.0 EXP redhatjenkins 11y ago Jenkins CLI Deserialization of Untrusted Data vulnerability
CVE-2015-5326 medium 4.3 jenkinsredhat 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-5325 high 7.5 redhatjenkins 11y ago Jenkins allows Bypass of Access Restrictions
CVE-2015-5324 medium 5.0 jenkinsredhat 11y ago Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5323 medium 6.5 redhatjenkins 11y ago Jenkins allows Administrators to Access API Tokens
CVE-2015-5322 medium 5.0 redhatjenkins 11y ago Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321 medium 5.0 redhatjenkins 11y ago Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320 medium 5.0 redhatjenkins 11y ago Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319 medium 5.0 redhatjenkins 11y ago Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2015-5318 medium 6.8 jenkinsredhat 11y ago Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-5242 medium 6.0 redhat 11y ago OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a cra…
CVE-2015-8126 high 7.5 FIX slesdebian debianubuntu ubuntu libpngredhatoracle 11y ago Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x …
CVE-2015-5225 high 7.2 FIX slesfedora fedoradebian debian redhatqemu 11y ago Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) …
CVE-2015-5305 medium 6.4 FIX debian debian redhat 11y ago Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handle…
CVE-2015-5220 medium 5.0 redhat 11y ago The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption)…
CVE-2015-5188 medium 6.8 redhat 11y ago Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.C…
CVE-2015-5178 medium 4.3 redhat 11y ago The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for …
CVE-2015-1814 high 7.5 jenkinsredhat 11y ago Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2015-1813 medium 4.3 jenkinsredhat 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812 medium 4.3 jenkinsredhat 11y ago Jenkins Cross-site Scripting vulnerability
CVE-2015-1810 medium 4.6 jenkinsredhat 11y ago Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2015-1806 medium 6.5 jenkinsredhat 11y ago Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2015-5235 medium 4.3 FIX debian debiansuse susefedora fedora redhat 11y ago IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving …
CVE-2015-5234 medium 6.8 FIX debian debiansuse susefedora fedora redhat 11y ago IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass use…
CVE-2015-5274 medium 6.5 redhat 11y ago rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
CVE-2015-5250 medium 4.0 redhat 11y ago Denial of Service in OpenShift Origin in github.com/openshift/origin
CVE-2015-3214 medium 7.9 EXPFIX debian debian linux-kernel rhel qemuredhat 11y ago The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitra…
CVE-2015-5222 high 8.5 redhat 11y ago Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on a…
CVE-2015-0298 medium 4.3 redhat 11y ago Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
CVE-2015-5165 critical 9.3 FIX sles rheldebian debian suseredhat 11y ago The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-3908 medium 4.3 FIX debian debian redhat 11y ago Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle …
CVE-2015-5176 medium 5.8 redhat 11y ago The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to r…