VIR Vulnerability Intelligence Relay

Search

Found 738 results in 224ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-2176 high 7.2 redhat 13y ago Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privile…
CVE-2013-4172 high 8.5 redhat 13y ago The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
CVE-2012-5575 medium 6.4 apacheredhat 13y ago Inadequate Encryption Strength in Apache CXF
CVE-2013-2175 medium 5.0 FIX ubuntu ubuntudebian debian redhathaproxy 13y ago HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (ne…
CVE-2013-4213 medium 6.4 redhat 13y ago Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
CVE-2013-4128 medium 6.4 redhat 13y ago Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.
CVE-2013-2219 medium 4.0 FIX debian debian fedoraprojectredhat 13y ago The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information vi…
CVE-2013-2121 medium 7.0 EXP redhattheforeman 13y ago Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary c…
CVE-2013-2113 medium 7.0 EXP redhattheforeman 13y ago The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changin…
CVE-2013-2056 medium 5.0 redhat 13y ago The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by…
CVE-2013-2882 high 7.5 debian debian googleredhatnodejs 13y ago Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2011-1483 medium 5.0 redhathp 13y ago JBossWS vulnerable to uncontrolled recursion
CVE-2013-2165 high 7.5 redhat 13y ago Remote code execution due to insecure deserialization
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-1976 medium 6.9 rhel redhat 13y ago The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow loca…
CVE-2013-2144 medium 5.0 redhat 13y ago Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consump…
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2069 high 7.2 redhat 13y ago Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which all…
CVE-2013-1962 medium 5.0 FIX debian debian redhat 13y ago The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number…
CVE-2013-2119 medium 4.6 phusionruby-langredhat 13y ago Phusion Passenger Denial of Service
CVE-2013-1927 medium 6.8 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
CVE-2013-1926 medium 5.8 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensi…
CVE-2013-0315 medium 5.0 redhat 13y ago The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entit…
CVE-2013-0314 high 7.5 redhat 13y ago The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents…
CVE-2012-3532 medium 6.8 redhat 13y ago Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie…
CVE-2013-1815 medium 6.1 6.1 redhat 13y ago A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current work…
CVE-2013-1823 medium 4.3 redhat 13y ago Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username f…
CVE-2013-0168 medium 4.0 redhat 13y ago The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to …
CVE-2012-5660 medium 6.9 redhat 13y ago abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml…
CVE-2012-5629 high 7.5 redhat 13y ago The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) …
CVE-2012-6118 medium 5.5 redhat 13y ago The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
CVE-2012-5647 medium 5.8 redhat 14y ago Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
CVE-2012-5646 high 7.5 redhat 14y ago node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
CVE-2012-6075 critical 9.3 FIX ubuntu ubuntu rhelsuse suse qemuredhat 14y ago Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a…
CVE-2013-0170 medium 6.8 FIX debian debianubuntu ubuntu rhel redhat 14y ago Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allo…
CVE-2013-0166 medium 5.0 FIX debian debian opensslredhat 14y ago OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service …
CVE-2012-5478 medium 4.9 redhat 14y ago The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly …
CVE-2012-3370 medium 5.8 redhat 14y ago The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 re…
CVE-2012-3369 medium 4.0 redhat 14y ago The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote att…
CVE-2012-0874 medium 7.8 EXP redhat 14y ago The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and …
CVE-2011-4575 medium 4.3 redhat 14y ago Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform …
CVE-2013-1591 critical 9.8 9.8 FIX sles rheldebian debian redhatpalemoon 14y ago Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resulta…
CVE-2012-5484 high 7.9 redhat 14y ago The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedur…
CVE-2012-5531 medium 4.3 redhat 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vector…
CVE-2012-4550 medium 5.3 5.3 redhat 14y ago A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization…
CVE-2012-4549 medium 6.5 6.5 redhat 14y ago A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all reque…
CVE-2012-5603 medium 5.5 redhat 14y ago proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'…
CVE-2012-4556 medium 4.0 redhat 14y ago The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certai…
CVE-2012-4555 medium 4.0 redhat 14y ago The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…
CVE-2012-4543 medium 4.3 redhat 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi…
CVE-2012-0861 medium 6.8 redhat 14y ago The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents …
CVE-2012-5622 medium 6.8 redhat 14y ago Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authen…
CVE-2012-5604 medium 4.3 redhat 14y ago ldap_fluff authentication bypass
CVE-2012-3515 high 7.2 FIX suse suse rheldebian debian qemuredhat 14y ago Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
CVE-2012-3431 medium 4.3 redhat 14y ago The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specifica…
CVE-2012-1167 medium 4.6 redhat 14y ago The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the ser…
CVE-2012-0818 medium 5.0 redhat 14y ago Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
CVE-2011-5245 medium 5.0 redhat 14y ago Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
CVE-2011-4605 high 7.5 redhat 14y ago The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.C…
CVE-2011-4085 medium 6.8 redhat 14y ago The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access…
CVE-2011-2908 medium 6.0 redhat 14y ago Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 al…
CVE-2011-1096 medium 5.0 redhat 14y ago The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block ch…
CVE-2012-4423 medium 5.0 FIX debian debian redhat 14y ago The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) a…
CVE-2012-4540 medium 6.8 FIX suse susedebian debian redhat 14y ago Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers t…
CVE-2012-4406 critical 9.8 9.8 FIX fedora fedora rheldebian debian openstackredhat 14y ago OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb…
CVE-2012-1154 medium 4.3 redhat 14y ago Improper Access Control in JBoss mod_cluster
CVE-2012-2125 medium 5.8 FIX ubuntu ubuntudebian debian rubygemsredhat 14y ago RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
CVE-2012-3425 medium 4.3 ubuntu ubuntususe susedebian debian libpngredhat 14y ago The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (ou…
CVE-2012-3367 medium 5.5 redhat 14y ago Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with…
CVE-2012-2662 medium 4.3 redhat 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via u…
CVE-2012-3423 high 7.5 FIX debian debian redhat 14y ago The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive informat…
CVE-2012-3422 medium 6.8 FIX debian debian redhat 14y ago The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial…
CVE-2012-0876 medium 4.3 FIX slesdebian debian rhel libexpat_projectpythonredhat 14y ago The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a deni…
CVE-2012-2664 medium 4.3 redhat 14y ago The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archiv…
CVE-2012-2149 high 7.5 FIX debian debian rhel redhatapachelibwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …
CVE-2012-0037 medium 6.5 6.5 rhelfedora fedoradebian debian librdflibreofficeapache 14y ago Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read…
CVE-2012-1145 medium 5.0 rhel redhat 14y ago spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remot…
CVE-2012-1938 critical 9.3 suse suse rhel mozillaredhat 14y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memo…
CVE-2012-1798 medium 6.5 6.5 FIX debian debiansuse suse rhel imagemagickredhat 14y ago The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF …
CVE-2012-0260 medium 6.5 6.5 FIX debian debiansuse suse rhel imagemagickredhat 14y ago The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of re…
CVE-2012-0248 medium 5.5 5.5 FIX debian debian rhelubuntu ubuntu imagemagickredhat 14y ago ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the I…
CVE-2012-0247 high 8.8 8.8 FIX debian debian rhelubuntu ubuntu imagemagickredhat 14y ago ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit …
CVE-2012-2333 medium 6.8 FIX debian debian opensslredhat 14y ago Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of serv…
CVE-2012-2126 medium 4.3 FIX ubuntu ubuntudebian debian rubygemsredhat 14y ago RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
CVE-2012-2110 high 8.5 EXPFIX debian debian opensslredhat 14y ago The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers…
CVE-2011-3045 high 8.8 8.8 suse susedebian debianfedora fedora googleredhatlibpng 14y ago Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a de…
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2011-4622 medium 4.9 redhat 15y ago The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual …
CVE-2011-4608 high 7.5 redhat 15y ago mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access rest…
CVE-2011-4314 medium 5.8 FIX debian debian kay_framework_projectopenidredhat 15y ago OpenID4Java does not verify that Attribute Exchange (AX) information is signed
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-3206 medium 4.3 redhatrhq-project 15y ago Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to injec…
CVE-2011-3636 medium 6.8 redhat 15y ago Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make confi…
CVE-2011-3348 medium 4.3 FIX debian debian rhel apacheredhat 15y ago The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…
CVE-2011-2899 medium 5.1 FIX debian debian redhat 15y ago pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) Net…
CVE-2011-1576 medium 5.7 linux-kernel rhel redhat 15y ago The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV)…
CVE-2011-2511 medium 4.0 FIX debian debian redhat 15y ago Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call t…
CVE-2011-2178 medium 4.4 FIX debian debian redhat 15y ago The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security m…
CVE-2011-2196 medium 6.8 redhat 15y ago jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or J…
CVE-2009-4139 medium 6.8 6.8 redhat 15y ago A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unaut…