Filtered by vendor Redhat
Subscribe
Total
5530 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3647 | 7 Canonical, Debian, Linux and 4 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
CVE-2014-3693 | 4 Canonical, Libreoffice, Opensuse and 1 more | 6 Ubuntu Linux, Libreoffice, Opensuse and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. | |||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2023-12-10 | 4.3 MEDIUM | 3.4 LOW |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
CVE-2011-2941 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter. | |||||
CVE-2014-7941 | 4 Chromium, Google, Opensuse and 1 more | 7 Chromium, Chrome, Opensuse and 4 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. | |||||
CVE-2014-3580 | 4 Apache, Apple, Debian and 1 more | 8 Subversion, Xcode, Debian Linux and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | |||||
CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2023-12-10 | 3.3 LOW | N/A |
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | |||||
CVE-2014-3481 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 5.0 MEDIUM | N/A |
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2023-12-10 | 4.0 MEDIUM | N/A |
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | |||||
CVE-2014-9666 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. | |||||
CVE-2014-0184 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2023-12-10 | 4.9 MEDIUM | N/A |
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | |||||
CVE-2014-3467 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | |||||
CVE-2015-0257 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-12-10 | 2.1 LOW | N/A |
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | |||||
CVE-2014-3680 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. | |||||
CVE-2014-7827 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 3.5 LOW | N/A |
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | |||||
CVE-2014-7968 | 1 Redhat | 1 Virtual Desktop Service Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | |||||
CVE-2014-8122 | 1 Redhat | 1 Jboss Weld | 2023-12-10 | 4.3 MEDIUM | N/A |
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | |||||
CVE-2015-1214 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation. | |||||
CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2023-12-10 | 4.0 MEDIUM | N/A |
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | |||||
CVE-2014-3530 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | N/A |
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. |