Filtered by vendor Redhat
Subscribe
Total
5664 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
| CVE-2014-0148 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | |||||
| CVE-2014-0147 | 3 Fedoraproject, Qemu, Redhat | 10 Fedora, Qemu, Enterprise Linux Desktop and 7 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | |||||
| CVE-2014-0144 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-11-21 | N/A | 8.6 HIGH |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | |||||
| CVE-2014-0087 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | |||||
| CVE-2014-0084 | 1 Redhat | 1 Openshift Origin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | |||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | |||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| katello-headpin is vulnerable to CSRF in REST API | |||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2013-6495 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBossWeb Bayeux has reflected XSS | |||||
| CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | |||||
| CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | |||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| php-symfony2-Validator has loss of information during serialization | |||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | |||||
| CVE-2013-4535 | 2 Qemu, Redhat | 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | |||||
| CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | |||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||