VYPR

Vendor CVEs

Red Hat

All CVEs

3,699 total · sorted by risk
  • CVE-2014-7923Jan 22, 2015
    risk 0.00cvss epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via…

  • CVE-2015-0432Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

  • CVE-2015-0412Jan 21, 2015
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

  • CVE-2015-0410Jan 21, 2015
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.

  • CVE-2015-0407Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

  • CVE-2015-0395Jan 21, 2015
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

  • CVE-2015-0383Jan 21, 2015
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

  • CVE-2015-0381Jan 21, 2015
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

  • CVE-2015-0374Jan 21, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

  • CVE-2014-7814Jan 16, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.

  • CVE-2014-3692Jan 16, 2015
    risk 0.00cvss epss 0.03

    The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.

  • CVE-2014-7812Jan 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

  • CVE-2014-7811Jan 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

  • CVE-2014-0171Jan 15, 2015
    risk 0.00cvss epss 0.02

    XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.

  • CVE-2014-9585Jan 9, 2015
    risk 0.00cvss epss 0.01

    The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

  • CVE-2014-9584Jan 9, 2015
    risk 0.00cvss epss 0.00

    The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660…

  • CVE-2014-9529Jan 9, 2015
    risk 0.00cvss epss 0.00

    Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key…

  • CVE-2014-9493Jan 7, 2015
    risk 0.00cvss epss 0.03

    The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

  • CVE-2014-8131Jan 6, 2015
    risk 0.00cvss epss 0.01

    The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via…

  • CVE-2014-7300Dec 25, 2014
    risk 0.00cvss epss 0.00

    GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc…

  • CVE-2014-8136Dec 19, 2014
    risk 0.00cvss epss 0.00

    The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

  • CVE-2014-8135Dec 19, 2014
    risk 0.00cvss epss 0.00

    The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

  • CVE-2014-8120Dec 18, 2014
    risk 0.00cvss epss 0.00

    The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors.

  • CVE-2014-5353Dec 16, 2014
    risk 0.00cvss epss 0.05

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with…

  • CVE-2014-7840Dec 12, 2014
    risk 0.00cvss epss 0.04

    The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

  • CVE-2013-4399Dec 12, 2014
    risk 0.00cvss epss 0.02

    The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event…

  • CVE-2014-7852Dec 11, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.

  • CVE-2014-9273Dec 8, 2014
    risk 0.00cvss epss 0.01

    lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

  • CVE-2014-9140Dec 5, 2014
    risk 0.00cvss epss 0.06

    Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.

  • CVE-2014-3561Dec 5, 2014
    risk 0.00cvss epss 0.00

    The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

  • CVE-2014-3703Dec 2, 2014
    risk 0.00cvss epss 0.02

    OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass…

  • CVE-2014-8867Dec 1, 2014
    risk 0.00cvss epss 0.00

    The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.

  • CVE-2014-7839Nov 25, 2014
    risk 0.00cvss epss 0.02

    DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

  • CVE-2012-6662Nov 24, 2014
    risk 0.00cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the…

  • CVE-2014-7821Nov 24, 2014
    risk 0.00cvss epss 0.04

    OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

  • CVE-2014-8769Nov 20, 2014
    risk 0.00cvss epss 0.06

    tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.

  • CVE-2014-8767Nov 20, 2014
    risk 0.00cvss epss 0.05

    Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

  • CVE-2014-0059Nov 17, 2014
    risk 0.00cvss epss 0.00

    JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

  • CVE-2014-0233Nov 16, 2014
    risk 0.00cvss epss 0.02

    Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.

  • CVE-2014-4975Nov 15, 2014
    risk 0.00cvss epss 0.04

    Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer…

  • CVE-2014-8567Nov 14, 2014
    risk 0.00cvss epss 0.04

    The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

  • CVE-2014-7815Nov 14, 2014
    risk 0.00cvss epss 0.04

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

  • CVE-2014-8564Nov 13, 2014
    risk 0.00cvss epss 0.03

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)…

  • CVE-2014-7823Nov 13, 2014
    risk 0.00cvss epss 0.02

    The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

  • CVE-2014-3674Nov 13, 2014
    risk 0.00cvss epss 0.02

    Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.

  • CVE-2014-3602Nov 13, 2014
    risk 0.00cvss epss 0.00

    Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

  • CVE-2014-3693Nov 7, 2014
    risk 0.00cvss epss 0.05

    Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

  • CVE-2014-3640Nov 7, 2014
    risk 0.00cvss epss 0.00

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

  • CVE-2014-3660Nov 4, 2014
    risk 0.00cvss epss 0.04

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…

  • CVE-2013-0336Nov 3, 2014
    risk 0.00cvss epss 0.03

    The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389…

Page 53 of 74