CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2601 CVE-2014-9585 Bypass 2015-01-09 2020-05-21
2.1
None Local Low Not required None Partial None
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
2602 CVE-2014-9584 20 +Info 2015-01-09 2020-05-21
2.1
None Local Low Not required Partial None None
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
2603 CVE-2014-9529 362 DoS Mem. Corr. 2015-01-09 2020-05-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
2604 CVE-2014-9493 264 2015-01-07 2019-02-01
5.5
None Remote Low ??? Partial None Partial
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
2605 CVE-2014-9322 269 1 +Priv 2014-12-17 2020-08-14
7.2
None Local Low Not required Complete Complete Complete
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
2606 CVE-2014-9273 119 Exec Code Overflow +Priv 2014-12-08 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
2607 CVE-2014-9140 119 DoS Overflow 2014-12-05 2018-10-09
5.0
None Remote Low Not required None None Partial
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
2608 CVE-2014-8867 17 DoS 2014-12-01 2018-10-30
4.9
None Local Low Not required None None Complete
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
2609 CVE-2014-8769 119 DoS Overflow +Info 2014-11-20 2018-10-09
6.4
None Remote Low Not required Partial None Partial
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
2610 CVE-2014-8567 399 DoS 2014-11-14 2019-07-09
9.4
None Remote Low Not required None Complete Complete
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
2611 CVE-2014-8564 310 DoS 2014-11-13 2018-10-30
5.0
None Remote Low Not required None None Partial
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
2612 CVE-2014-8241 476 DoS 2016-12-14 2016-12-20
7.5
None Remote Low Not required Partial Partial Partial
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
2613 CVE-2014-8183 284 2019-08-01 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
2614 CVE-2014-8181 665 +Info 2019-11-06 2019-11-09
2.1
None Local Low Not required Partial None None
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
2615 CVE-2014-8177 284 Bypass 2016-06-07 2019-04-22
4.0
None Remote Low ??? None Partial None
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.
2616 CVE-2014-8175 264 Bypass 2015-07-08 2015-07-09
6.0
None Remote Medium ??? Partial Partial Partial
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
2617 CVE-2014-8174 200 Exec Code +Info 2017-09-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
2618 CVE-2014-8171 399 DoS 2018-02-09 2019-04-22
4.9
None Local Low Not required None None Complete
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
2619 CVE-2014-8169 264 +Priv 2015-03-18 2018-10-30
4.4
None Local Medium Not required Partial Partial Partial
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
2620 CVE-2014-8168 284 2017-08-28 2017-09-04
4.6
None Local Low Not required Partial Partial Partial
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
2621 CVE-2014-8167 295 2019-11-13 2019-11-15
4.3
None Remote Medium Not required None Partial None
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
2622 CVE-2014-8163 22 Dir. Trav. 2017-08-28 2017-09-05
5.5
None Remote Low ??? None Partial Partial
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
2623 CVE-2014-8162 2015-05-14 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
2624 CVE-2014-8160 20 Bypass 2015-03-02 2020-05-21
5.0
None Remote Low Not required None Partial None
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
2625 CVE-2014-8158 119 DoS Exec Code Overflow 2015-01-26 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
2626 CVE-2014-8157 189 DoS Exec Code Overflow 2015-01-26 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
2627 CVE-2014-8141 787 Exec Code Overflow 2020-01-31 2020-02-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
2628 CVE-2014-8140 787 Exec Code Overflow 2020-01-31 2020-02-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
2629 CVE-2014-8139 787 Exec Code Overflow 2020-01-31 2020-02-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
2630 CVE-2014-8138 119 DoS Exec Code Overflow 2014-12-24 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
2631 CVE-2014-8137 DoS Exec Code 2014-12-24 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
2632 CVE-2014-8136 264 DoS 2014-12-19 2018-10-30
2.1
None Local Low Not required None None Partial
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
2633 CVE-2014-8135 DoS 2014-12-19 2015-01-10
2.1
None Local Low Not required None None Partial
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
2634 CVE-2014-8131 264 DoS 2015-01-06 2015-01-06
4.0
None Remote Low ??? None None Partial
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
2635 CVE-2014-8130 369 DoS 2018-03-12 2018-04-05
4.3
None Remote Medium Not required None None Partial
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
2636 CVE-2014-8129 787 DoS 2018-03-12 2018-04-06
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
2637 CVE-2014-8125 2015-04-21 2015-05-26
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
2638 CVE-2014-8122 362 +Info 2015-02-13 2017-09-08
4.3
None Remote Medium Not required Partial None None
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
2639 CVE-2014-8119 20 DoS 2017-12-29 2019-04-22
5.0
None Remote Low Not required None None Partial
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
2640 CVE-2014-8115 264 Bypass 2015-02-20 2015-03-23
6.5
None Remote Low ??? Partial Partial Partial
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
2641 CVE-2014-8114 264 Exec Code 2015-02-20 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
2642 CVE-2014-8108 DoS 2014-12-18 2017-01-03
5.0
None Remote Low Not required None None Partial
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
2643 CVE-2014-8089 89 Exec Code Sql 2020-02-17 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
2644 CVE-2014-8080 DoS 2014-11-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
2645 CVE-2014-7968 310 DoS 2014-10-22 2014-10-23
5.0
None Remote Low Not required None None Partial
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
2646 CVE-2014-7943 119 DoS Overflow 2015-01-22 2018-10-30
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
2647 CVE-2014-7942 399 DoS 2015-01-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
2648 CVE-2014-7941 119 DoS Overflow 2015-01-22 2018-10-30
5.0
None Remote Low Not required None None Partial
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.
2649 CVE-2014-7939 264 Bypass 2015-01-22 2018-10-30
4.3
None Remote Medium Not required None Partial None
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
2650 CVE-2014-7926 17 DoS Mem. Corr. 2015-01-22 2019-04-23
7.5
None Remote Low Not required Partial Partial Partial
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
Total number of vulnerabilities : 3974   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 (This Page)54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.