Red Hat

All CVEs

3,695 total · sorted by risk
  • CVE-2014-8333 · Oct 31, 2014
    risk 0.00 · cvss · epss 0.02

    The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

  • CVE-2014-3708 · Oct 31, 2014
    risk 0.00 · cvss · epss 0.03

    OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

  • CVE-2014-0136 · Oct 27, 2014
    risk 0.00 · cvss · epss 0.02

    The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

  • CVE-2014-5075 · Oct 25, 2014
    risk 0.00 · cvss · epss 0.01

    The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

  • CVE-2014-7968 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.02

    VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.

  • CVE-2014-3677 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

  • CVE-2014-3676 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

  • CVE-2014-3675 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.03

    Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

  • CVE-2014-3573 · Oct 18, 2014
    risk 0.00 · cvss · epss 0.02

    The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related…

  • CVE-2014-3680 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.01

    Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

  • CVE-2014-3667 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.01

    Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.

  • CVE-2014-3666 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.04

    Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

  • CVE-2014-3663 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.01

    Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.

  • CVE-2014-3662 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.02

    Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

  • CVE-2014-3661 · Oct 16, 2014
    risk 0.00 · cvss · epss 0.02

    Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

  • CVE-2014-3681 · Oct 15, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-3664 · Oct 15, 2014
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.

  • CVE-2014-3593 · Oct 15, 2014
    risk 0.00 · cvss · epss 0.01

    Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.

  • CVE-2014-7283 · Oct 13, 2014
    risk 0.00 · cvss · epss 0.01

    The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on…

  • CVE-2014-7231 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

  • CVE-2014-7230 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.00

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

  • CVE-2014-3200 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-3199 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors…

  • CVE-2014-3198 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds…

  • CVE-2014-3197 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive…

  • CVE-2014-3195 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to…

  • CVE-2014-3194 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2014-3193 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.02

    The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for…

  • CVE-2014-3192 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have…

  • CVE-2014-3191 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with…

  • CVE-2014-3190 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted…

  • CVE-2014-3189 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified…

  • CVE-2014-3188 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.06

    Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by…

  • CVE-2014-3632 · Oct 7, 2014
    risk 0.00 · cvss · epss 0.03

    The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE:…

  • CVE-2014-3642 · Oct 6, 2014
    risk 0.00 · cvss · epss 0.01

    vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

  • CVE-2014-3521 · Oct 6, 2014
    risk 0.00 · cvss · epss 0.01

    The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.

  • CVE-2014-0140 · Oct 6, 2014
    risk 0.00 · cvss · epss 0.01

    Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.

  • CVE-2013-6496 · Oct 6, 2014
    risk 0.00 · cvss · epss 0.02

    Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

  • CVE-2014-3621 · Oct 2, 2014
    risk 0.00 · cvss · epss 0.02

    The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

  • CVE-2014-6055 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.08

    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3)…

  • CVE-2014-6051 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.08

    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer…

  • CVE-2014-3558 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.03

    ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted…

  • CVE-2014-0170 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.02

    Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.

  • CVE-2014-7145 · Sep 28, 2014
    risk 0.00 · cvss · epss 0.04

    The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS…

  • CVE-2014-3595 · Sep 22, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

  • CVE-2014-0152 · Sep 8, 2014
    risk 0.00 · cvss · epss 0.02

    Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2014-3562 · Aug 21, 2014
    risk 0.00 · cvss · epss 0.02

    Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

  • CVE-2014-4615 · Aug 19, 2014
    risk 0.00 · cvss · epss 0.03

    The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the…

  • CVE-2014-3490 · Aug 19, 2014
    risk 0.00 · cvss · epss 0.05

    RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read…

  • CVE-2014-3472 · Aug 19, 2014
    risk 0.00 · cvss · epss 0.02

    The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via…
