VIR Vulnerability Intelligence Relay

Search

Found 63 results in 61ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-4480 critical 9.0 9.0 FIX slesdebian debian rhel redhatsamba 9d ago A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution charac…
CVE-2017-7550 critical 9.8 9.8 FIX debian debian sles rhel redhat 4y ago A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor…
CVE-2017-10906 critical 9.8 9.8 fluentdredhat 4y ago Fluentd Escape Sequence Injection Vulnerability
CVE-2014-0121 critical 9.8 9.8 hawtredhat 9y ago The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVE-2015-7501 critical 9.8 9.8 FIX debian debian redhat 9y ago Deserialization of Untrusted Data in Apache commons collections
CVE-2017-10346 critical 9.6 9.6 FIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14…
CVE-2017-10285 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. E…
CVE-2014-3702 critical 9.1 9.1 redhat 9y ago Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot…
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-15041 critical 9.8 9.8 FIX arch archdebian debian rhel golangredhat 9y ago Remote command execution via "go get" in cmd/go
CVE-2017-7552 critical 9.8 9.8 redhat 9y ago A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to …
CVE-2015-7544 critical 9.1 9.1 redhat 9y ago redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary comm…
CVE-2014-8174 critical 9.8 9.8 redhat 9y ago eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
CVE-2016-5018 critical 9.1 9.1 slesdebian debian rhel apachenetappredhat 9y ago Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
CVE-2017-10110 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthe…
CVE-2017-10107 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easi…
CVE-2017-10102 critical 9.0 9.0 FIX slesdebian debian rhel oraclephoenixcontactnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff…
CVE-2017-10101 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10096 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10090 critical 9.6 9.6 FIX slesdebian debian rhel oraclenetappredhat 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easil…
CVE-2017-10089 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows una…
CVE-2017-10087 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131…
CVE-2017-9788 critical 9.1 9.1 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CVE-2017-7512 critical 9.8 9.8 FIX arch arch redhat 9y ago Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authenticatio…
CVE-2017-3167 critical 9.8 9.8 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…
CVE-2016-5411 critical 9.8 9.8 rhel redhat 9y ago /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVE-2016-3690 critical 9.8 9.8 redhat 9y ago The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
CVE-2017-9214 critical 9.8 9.8 FIX slesdebian debian rhel openvswitchredhat 9y ago In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pu…
CVE-2016-9843 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-7504 critical 9.8 9.8 redhat 9y ago HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo…
CVE-2017-7503 critical 9.8 9.8 redhat 9y ago It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil…
CVE-2017-5645 critical 9.8 9.8 FIX debian debian sles rhel apachenetappredhat 9y ago Deserialization of Untrusted Data in Log4j
CVE-2014-5009 critical 9.8 9.8 FIX debian debian snoopyredhatnagios 9y ago Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2014-5008 critical 9.8 9.8 FIX debian debian snoopyredhat 9y ago Snoopy allows remote attackers to execute arbitrary commands.
CVE-2008-7313 critical 9.8 9.8 FIX debian debian snoopyredhatnagios 9y ago The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2017-5929 critical 9.8 9.8 FIX debian debian qosredhat 9y ago QOS.ch Logback vulnerable to Deserialization of Untrusted Data
CVE-2016-6330 critical 9.8 9.8 redhat 10y ago The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted H…
CVE-2016-6662 critical 9.8 10.0 EXP slesdebian debian rhel oracleperconamariadb 10y ago Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
CVE-2016-4999 critical 9.8 9.8 redhat 10y ago SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to …
CVE-2016-3737 critical 9.8 9.8 redhat 10y ago The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
CVE-2016-5008 critical 9.8 9.8 FIX slesdebian debian redhat 10y ago libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC sess…
CVE-2016-2074 critical 9.8 9.8 FIX debian debian openvswitchredhat 10y ago Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demons…
CVE-2016-2141 critical 9.8 9.8 slesdebian debian rhel redhat 10y ago Improper Input Validation in JGroups
CVE-2015-5041 critical 9.1 9.1 suse suse ibmredhat 10y ago The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject …
CVE-2015-7545 critical 9.8 9.8 FIX slesdebian debiansuse suse git_projectredhat 10y ago The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot…
CVE-2016-0791 critical 9.8 9.8 redhatjenkins 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-0788 critical 9.8 9.8 jenkinsredhat 10y ago Jenkins allows Execution of Code by Opening a JRMP Listener
CVE-2015-7512 critical 9.0 9.0 FIX rheldebian debian qemuredhat 11y ago Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary …
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-8103 critical 9.8 10.0 EXP redhatjenkins 11y ago Jenkins CLI Deserialization of Untrusted Data vulnerability
CVE-2015-5165 critical 9.3 FIX sles rheldebian debian suseredhat 11y ago The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-0297 critical 9.0 redhat 11y ago Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) Sched…
CVE-2015-1842 critical 10.0 redhat 11y ago The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary she…
CVE-2015-0235 critical 10.0 EXPFIX debian debianmacos macos gnuoracleredhat 12y ago Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors relate…
CVE-2014-3692 critical 10.0 redhat 12y ago The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at…
CVE-2014-3496 critical 10.0 redhat 12y ago cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz…
CVE-2013-6439 critical 9.3 redhat 13y ago Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector…
CVE-2013-2068 critical 10.0 EXP redhat 13y ago Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th…
CVE-2012-6075 critical 9.3 FIX ubuntu ubuntu rhelsuse suse qemuredhat 14y ago Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a…
CVE-2013-1591 critical 9.8 9.8 FIX sles rheldebian debian redhatpalemoon 14y ago Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resulta…
CVE-2012-4406 critical 9.8 9.8 FIX fedora fedora rheldebian debian openstackredhat 14y ago OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb…
CVE-2012-1938 critical 9.3 suse suse rhel mozillaredhat 14y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memo…