VIR Vulnerability Intelligence Relay

Search

Found 736 results in 108ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-1818 high 7.5 redhat 11y ago XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote att…
CVE-2015-3244 medium 4.9 redhat 11y ago The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso…
CVE-2014-8175 medium 6.0 redhat 11y ago Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2013-7398 medium 4.3 FIX debian debian async-http-client_projectredhat 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2013-7397 medium 4.3 FIX debian debian redhatasync-http-client_project 11y ago Insufficient Verification of Data Authenticity in Async Http Client
CVE-2015-3209 high 7.5 FIX ubuntu ubuntudebian debian rhel qemujuniperredhat 11y ago Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_…
CVE-2014-8162 high 7.5 redhatsuse 11y ago XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified imp…
CVE-2015-3456 high 8.7 EXPFIX rheldebian debian qemuredhat 11y ago The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb…
CVE-2015-0237 medium 6.8 redhat 11y ago Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users t…
CVE-2015-0297 critical 9.0 redhat 11y ago Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) Sched…
CVE-2014-8125 high 7.5 redhat 11y ago Improper Input Validation in Drools and jBPM
CVE-2015-1842 critical 10.0 redhat 11y ago The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary she…
CVE-2015-1843 medium 4.3 FIX debian debian redhat 11y ago The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to condu…
CVE-2015-0283 high 7.8 FIX debian debian redhat 11y ago The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) v…
CVE-2015-0279 medium 6.8 redhat 11y ago JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVE-2015-0250 medium 6.4 FIX slesdebian debianubuntu ubuntu apacheredhat 11y ago Improper Input Validation in Apache Batik
CVE-2015-0271 medium 4.0 FIX debian debian redhat 11y ago The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2014-3691 high 7.5 redhattheforeman 11y ago Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and …
CVE-2014-8115 medium 6.5 redhat 11y ago The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspeci…
CVE-2014-8114 medium 6.8 redhat 11y ago UberFire Framework Improperly Restricts Paths
CVE-2014-3682 high 7.5 redhat 11y ago XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read ar…
CVE-2014-8122 medium 4.3 redhat 12y ago Information disclosure in JBoss Weld
CVE-2014-7853 medium 4.0 redhat 12y ago The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to t…
CVE-2014-7849 medium 4.0 redhat 12y ago The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authentic…
CVE-2014-0151 medium 6.8 redhat 12y ago Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a RE…
CVE-2015-0235 critical 10.0 EXPFIX debian debianmacos macos gnuoracleredhat 12y ago Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors relate…
CVE-2014-9623 medium 4.0 FIX debian debian redhatopenstack 12y ago OpenStack Glance Bypass the storage quota and Denial of service
CVE-2014-7814 medium 6.5 redhat 12y ago SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
CVE-2014-3692 critical 10.0 redhat 12y ago The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at…
CVE-2014-0171 medium 5.0 redhatodata4j_project 12y ago XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a…
CVE-2014-9493 medium 5.5 FIX debian debian redhatopenstack 12y ago The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
CVE-2014-8131 medium 4.0 FIX debian debian redhat 12y ago The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us…
CVE-2014-7840 high 7.5 FIX rheldebian debian qemuredhat 12y ago The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev…
CVE-2013-4399 medium 4.3 FIX debian debian redhat 12y ago The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cau…
CVE-2014-7852 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handl…
CVE-2014-9140 medium 5.0 FIX debian debian redhat 12y ago Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
CVE-2014-3703 medium 5.0 redhat 12y ago OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration…
CVE-2014-7816 medium 6.0 EXPFIX debian debian redhat 12y ago Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
CVE-2014-7839 medium 6.4 FIX debian debian redhat 12y ago XML External Entity Reference in RESTEasy
CVE-2014-7821 medium 4.0 FIX debian debianfedora fedora openstackredhat 12y ago OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVE-2014-8769 medium 6.4 FIX debian debian redhat 12y ago tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Dist…
CVE-2014-8768 medium 6.0 EXPFIX suse suseubuntu ubuntudebian debian redhat 12y ago Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a…
CVE-2014-8767 medium 5.0 FIX suse susedebian debian redhat 12y ago Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR f…
CVE-2014-0233 medium 6.5 redhat 12y ago Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr…
CVE-2014-7815 medium 5.0 FIX debian debiansuse suseubuntu ubuntu qemuredhat 12y ago The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7823 medium 5.0 FIX debian debian redhat 12y ago The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML…
CVE-2014-3674 high 7.5 redhat 12y ago Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2013-0336 medium 5.0 FIX debian debian redhat 12y ago The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
CVE-2014-3654 medium 4.3 suse suse redhatsuse 12y ago Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML …
CVE-2014-8333 medium 4.0 FIX debian debian rhel redhatopenstack 12y ago The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-0136 medium 5.0 redhat 12y ago The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
CVE-2014-5075 medium 6.8 redhatigniterealtime 12y ago The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)…
CVE-2014-7968 medium 5.0 redhat 12y ago VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
CVE-2014-3677 high 7.5 redhat 12y ago Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
CVE-2014-3676 high 7.5 redhat 12y ago Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
CVE-2014-3675 medium 5.0 redhat 12y ago Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2014-3573 medium 6.5 redhat 12y ago The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or…
CVE-2014-3680 medium 4.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667 medium 4.0 redhatjenkins 12y ago Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3666 high 7.5 redhatjenkins 12y ago Jenkins allows for Code Execution via Crafted Packet to the CLI
CVE-2014-3663 medium 6.0 jenkinsredhat 12y ago Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2014-3662 medium 5.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661 medium 5.0 redhatjenkins 12y ago Jenkins Denial of Service vulnerability
CVE-2014-3681 medium 4.3 redhatjenkins 12y ago Jenkins Cross-site Scripting vulnerability
CVE-2014-3664 medium 4.0 jenkinsredhat 12y ago Jenkins Path Traversal vulnerability
CVE-2014-7283 medium 4.9 FIX debian debian linux-kernel redhat 12y ago The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a …
CVE-2014-3642 medium 6.5 redhat 12y ago vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, …
CVE-2014-3521 medium 5.5 redhat 12y ago The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2014-0140 medium 4.0 redhat 12y ago Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
CVE-2013-6496 medium 5.0 redhat 12y ago Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2014-3621 medium 4.0 FIX debian debianubuntu ubuntu rhel openstackredhat 12y ago The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo…
CVE-2014-3558 medium 5.0 FIX debian debian redhat 12y ago Improper Authentication in Hibernate Validator
CVE-2014-0170 medium 4.3 redhatjboss 12y ago Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
CVE-2014-3595 medium 4.3 suse suse redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-0152 medium 6.8 ovirtredhat 12y ago Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-3562 medium 5.0 FIX debian debian rhel fedoraprojectredhat 12y ago Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-4615 medium 5.0 FIX debian debianubuntu ubuntu redhatopenstack 12y ago The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl…
CVE-2014-3490 high 7.5 redhat 12y ago Incorrect Privilege Assignment in RESTEasy
CVE-2014-3472 medium 4.9 redhat 12y ago The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
CVE-2014-3464 medium 5.5 redhat 12y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
CVE-2014-3530 high 7.5 redhat 12y ago XML External Entity Reference in org.picketlink:picketlink-common
CVE-2014-3518 medium 6.8 redhat 12y ago jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian debian rhel apacheredhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-3485 medium 4.0 redhat 12y ago The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via un…
CVE-2014-3489 medium 4.3 redhat 12y ago lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force atta…
CVE-2014-3486 medium 6.9 redhat 12y ago The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users …
CVE-2014-3481 medium 5.0 redhat 12y ago org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
CVE-2014-0248 medium 6.8 redhat 12y ago org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at…
CVE-2014-0184 medium 4.9 redhat 12y ago Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
CVE-2014-0180 medium 5.0 redhat 12y ago The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinit…
CVE-2014-0176 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2014-0035 medium 4.3 apacheredhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apacheredhat 12y ago Improper Input Validation in Apache CXF
CVE-2014-3496 critical 10.0 redhat 12y ago cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz…
CVE-2014-3470 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t…
CVE-2014-0224 high 7.4 8.4 EXPFIX suse susefedora fedora rhel opensslredhatfilezilla-project 12y ago OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z…
CVE-2014-0221 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client…
CVE-2014-3469 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU…
CVE-2014-3468 high 7.5 FIX debian debiansuse suse rhel gnuredhat 12y ago The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds ac…