VIR Vulnerability Intelligence Relay

Search

Found 788 results in 104ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-7827 low 3.5 redhat 12y ago The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a…
CVE-2014-0151 medium 6.8 redhat 12y ago Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a RE…
CVE-2015-0236 low 3.5 FIX slesubuntu ubuntususe suse redhat 12y ago libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (…
CVE-2014-9623 medium 4.0 FIX debian debian redhatopenstack 12y ago OpenStack Glance Bypass the storage quota and Denial of service
CVE-2014-7814 medium 6.5 redhat 12y ago SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
CVE-2014-7812 low 3.5 redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups f…
CVE-2014-7811 low 3.5 sles redhatsuse 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted X…
CVE-2014-0171 medium 5.0 redhatodata4j_project 12y ago XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a…
CVE-2014-9493 medium 5.5 FIX debian debian redhatopenstack 12y ago The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
CVE-2014-8131 medium 4.0 FIX debian debian redhat 12y ago The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us…
CVE-2014-8136 low 2.1 FIX debian debiansuse suse rhel redhat 12y ago The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denia…
CVE-2014-8135 low 2.1 FIX debian debian redhat 12y ago The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereferen…
CVE-2014-7840 high 7.5 FIX rheldebian debian qemuredhat 12y ago The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev…
CVE-2013-4399 medium 4.3 FIX debian debian redhat 12y ago The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cau…
CVE-2014-7852 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handl…
CVE-2014-9140 medium 5.0 FIX debian debian redhat 12y ago Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
CVE-2014-3561 low 2.1 redhat 12y ago The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive…
CVE-2014-3703 medium 5.0 redhat 12y ago OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration…
CVE-2014-7816 medium 6.0 EXPFIX debian debian redhat 12y ago Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
CVE-2014-7839 medium 6.4 FIX debian debian redhat 12y ago XML External Entity Reference in RESTEasy
CVE-2014-7821 medium 4.0 FIX debian debianfedora fedora openstackredhat 12y ago OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVE-2014-8769 medium 6.4 FIX debian debian redhat 12y ago tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Dist…
CVE-2014-8768 medium 6.0 EXPFIX suse suseubuntu ubuntudebian debian redhat 12y ago Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a…
CVE-2014-8767 medium 5.0 FIX suse susedebian debian redhat 12y ago Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR f…
CVE-2014-0059 low 2.1 redhat 12y ago JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive informat…
CVE-2014-0233 medium 6.5 redhat 12y ago Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr…
CVE-2014-7815 medium 5.0 FIX debian debiansuse suseubuntu ubuntu qemuredhat 12y ago The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7823 medium 5.0 FIX debian debian redhat 12y ago The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML…
CVE-2014-3674 high 7.5 redhat 12y ago Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2014-3602 low 2.1 redhat 12y ago Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
CVE-2013-0336 medium 5.0 FIX debian debian redhat 12y ago The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
CVE-2014-3654 medium 4.3 suse suse redhatsuse 12y ago Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML …
CVE-2014-3615 low 2.1 FIX slesdebian debiansuse suse qemuredhat 12y ago The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-8333 medium 4.0 FIX debian debian rhel redhatopenstack 12y ago The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-0136 medium 5.0 redhat 12y ago The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
CVE-2014-5075 medium 6.8 redhatigniterealtime 12y ago The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)…
CVE-2014-7968 medium 5.0 redhat 12y ago VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
CVE-2014-3677 high 7.5 redhat 12y ago Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
CVE-2014-3676 high 7.5 redhat 12y ago Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
CVE-2014-3675 medium 5.0 redhat 12y ago Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2014-3573 medium 6.5 redhat 12y ago The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or…
CVE-2014-3680 medium 4.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667 medium 4.0 redhatjenkins 12y ago Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3666 high 7.5 redhatjenkins 12y ago Jenkins allows for Code Execution via Crafted Packet to the CLI
CVE-2014-3663 medium 6.0 jenkinsredhat 12y ago Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2014-3662 medium 5.0 jenkinsredhat 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661 medium 5.0 redhatjenkins 12y ago Jenkins Denial of Service vulnerability
CVE-2014-3681 medium 4.3 redhatjenkins 12y ago Jenkins Cross-site Scripting vulnerability
CVE-2014-3664 medium 4.0 jenkinsredhat 12y ago Jenkins Path Traversal vulnerability
CVE-2014-7283 medium 4.9 FIX debian debian linux-kernel redhat 12y ago The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a …
CVE-2014-7231 low 2.1 FIX debian debian openstackredhat 12y ago OpenStack Oslo utility sensitive information exposure via log files
CVE-2014-7230 low 2.1 FIX debian debianubuntu ubuntu openstackredhat 12y ago The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro…
CVE-2014-3642 medium 6.5 redhat 12y ago vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, …
CVE-2014-3521 medium 5.5 redhat 12y ago The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2014-0140 medium 4.0 redhat 12y ago Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
CVE-2013-6496 medium 5.0 redhat 12y ago Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2014-3621 medium 4.0 FIX debian debianubuntu ubuntu rhel openstackredhat 12y ago The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo…
CVE-2014-3558 medium 5.0 FIX debian debian redhat 12y ago Improper Authentication in Hibernate Validator
CVE-2014-0170 medium 4.3 redhatjboss 12y ago Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
CVE-2014-3595 medium 4.3 suse suse redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-0152 medium 6.8 ovirtredhat 12y ago Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-3562 medium 5.0 FIX debian debian rhel fedoraprojectredhat 12y ago Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-4615 medium 5.0 FIX debian debianubuntu ubuntu redhatopenstack 12y ago The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl…
CVE-2014-3490 high 7.5 redhat 12y ago Incorrect Privilege Assignment in RESTEasy
CVE-2014-3472 medium 4.9 redhat 12y ago The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
CVE-2014-3464 medium 5.5 redhat 12y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
CVE-2014-3559 low 3.5 redhat 12y ago The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows r…
CVE-2014-5177 low 1.2 FIX debian debiansuse suse rhel redhat 12y ago libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat…
CVE-2014-0179 low 1.9 FIX suse susedebian debian rhel redhat 12y ago libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction …
CVE-2014-3530 high 7.5 redhat 12y ago XML External Entity Reference in org.picketlink:picketlink-common
CVE-2014-3518 medium 6.8 redhat 12y ago jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian debian rhel apacheredhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-3485 medium 4.0 redhat 12y ago The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via un…
CVE-2014-3489 medium 4.3 redhat 12y ago lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force atta…
CVE-2014-3486 medium 6.9 redhat 12y ago The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users …
CVE-2014-3481 medium 5.0 redhat 12y ago org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
CVE-2014-0248 medium 6.8 redhat 12y ago org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at…
CVE-2014-0184 medium 4.9 redhat 12y ago Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
CVE-2014-0180 medium 5.0 redhat 12y ago The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinit…
CVE-2014-0176 medium 4.3 redhat 12y ago Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2014-0035 medium 4.3 apacheredhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apacheredhat 12y ago Improper Input Validation in Apache CXF
CVE-2014-3470 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t…
CVE-2014-0224 high 7.4 8.4 EXPFIX suse susefedora fedora rhel opensslredhatfilezilla-project 12y ago OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z…
CVE-2014-0221 medium 4.3 FIX suse susefedora fedora rhel opensslredhatmariadb 12y ago The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client…
CVE-2014-3469 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU…
CVE-2014-3468 high 7.5 FIX debian debiansuse suse rhel gnuredhat 12y ago The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds ac…
CVE-2014-3467 medium 5.0 FIX debian debiansuse suse rhel gnuredhat 12y ago Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVE-2014-0042 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded pa…
CVE-2014-0041 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows m…
CVE-2014-0040 medium 4.3 redhat 12y ago OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, whi…
CVE-2013-6470 medium 5.0 redhat 12y ago The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid…
CVE-2014-3925 medium 5.0 FIX ubuntu ubuntu rheldebian debian redhat 12y ago sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing th…
CVE-2014-0202 low 2.1 redhat 12y ago The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, whic…
CVE-2014-0201 low 2.1 redhat 12y ago ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users t…
CVE-2014-0200 low 2.1 redhat 12y ago The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows loca…
CVE-2014-0199 low 2.1 redhat 12y ago The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allow…
CVE-2013-0199 medium 5.0 redhat 12y ago The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
CVE-2014-0137 medium 6.5 redhat 12y ago SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr…