CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2701 CVE-2014-4039 264 +Info 2014-06-17 2017-01-07
2.1
None Local Low Not required Partial None None
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
2702 CVE-2014-4038 59 2014-06-17 2017-01-07
4.4
None Local Medium Not required Partial Partial Partial
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
2703 CVE-2014-4027 200 +Info 2014-06-23 2020-08-21
2.3
None Local Network Medium ??? Partial None None
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
2704 CVE-2014-3940 362 DoS Mem. Corr. 2014-06-05 2019-04-22
4.0
None Local High Not required None None Complete
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
2705 CVE-2014-3917 200 DoS +Info 2014-06-05 2021-07-15
3.3
None Local Medium Not required Partial None Partial
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
2706 CVE-2014-3708 399 DoS 2014-10-31 2018-11-16
4.0
None Remote Low ??? None None Partial
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
2707 CVE-2014-3706 295 2017-10-18 2017-11-07
4.3
None Remote Medium Not required Partial None None
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
2708 CVE-2014-3703 264 Bypass 2014-12-02 2014-12-05
5.0
None Remote Low Not required None Partial None
OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions.
2709 CVE-2014-3702 22 DoS Dir. Trav. 2017-10-16 2017-11-07
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
2710 CVE-2014-3701 362 2019-12-15 2019-12-19
9.3
None Remote Medium Not required Complete Complete Complete
eDeploy has tmp file race condition flaws
2711 CVE-2014-3700 74 Exec Code 2019-11-21 2019-11-27
7.5
None Remote Low Not required Partial Partial Partial
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
2712 CVE-2014-3699 502 2019-12-15 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
eDeploy has RCE via cPickle deserialization of untrusted data
2713 CVE-2014-3693 DoS Exec Code 2014-11-07 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
2714 CVE-2014-3692 255 +Priv 2015-01-16 2015-01-20
10.0
None Remote Low Not required Complete Complete Complete
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
2715 CVE-2014-3691 310 Bypass 2015-03-09 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
2716 CVE-2014-3690 400 DoS 2014-11-10 2020-08-13
4.9
None Local Low Not required None None Complete
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
2717 CVE-2014-3687 400 DoS 2014-11-10 2020-08-10
7.8
None Remote Low Not required None None Complete
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
2718 CVE-2014-3682 2015-02-20 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
2719 CVE-2014-3681 79 XSS 2014-10-15 2018-12-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2720 CVE-2014-3680 200 +Info 2014-10-16 2016-06-15
4.0
None Remote Low ??? Partial None None
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
2721 CVE-2014-3677 Exec Code Mem. Corr. 2014-10-22 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
2722 CVE-2014-3676 787 Exec Code Overflow 2014-10-22 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
2723 CVE-2014-3675 125 DoS 2014-10-22 2021-04-07
5.0
None Remote Low Not required None None Partial
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
2724 CVE-2014-3674 264 2014-11-13 2019-12-17
7.5
None Remote Low Not required Partial Partial Partial
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
2725 CVE-2014-3673 20 DoS 2014-11-10 2020-08-10
7.8
None Remote Low Not required None None Complete
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
2726 CVE-2014-3672 400 DoS 2016-05-25 2017-09-08
2.1
None Local Low Not required None None Partial
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
2727 CVE-2014-3667 200 +Info 2014-10-16 2016-06-15
4.0
None Remote Low ??? Partial None None
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
2728 CVE-2014-3666 94 Exec Code 2014-10-16 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
2729 CVE-2014-3664 22 Dir. Trav. 2014-10-15 2017-08-29
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
2730 CVE-2014-3663 264 Bypass 2014-10-16 2016-06-15
6.0
None Remote Medium ??? Partial Partial Partial
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
2731 CVE-2014-3662 200 +Info 2014-10-16 2016-06-14
5.0
None Remote Low Not required Partial None None
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
2732 CVE-2014-3661 399 DoS 2014-10-16 2016-06-13
5.0
None Remote Low Not required None None Partial
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
2733 CVE-2014-3660 DoS 2014-11-04 2016-12-08
5.0
None Remote Low Not required None None Partial
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
2734 CVE-2014-3656 79 XSS 2019-12-10 2019-12-10
4.3
None Remote Medium Not required None Partial None
JBoss KeyCloak: XSS in login-status-iframe.html
2735 CVE-2014-3655 352 CSRF 2019-11-13 2019-11-14
4.3
None Remote Medium Not required None Partial None
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
2736 CVE-2014-3654 79 XSS 2014-11-03 2014-11-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
2737 CVE-2014-3652 601 2019-12-15 2019-12-19
5.8
None Remote Medium Not required Partial Partial None
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
2738 CVE-2014-3649 79 XSS 2019-11-04 2019-11-06
4.3
None Remote Medium Not required None Partial None
JBoss AeroGear has reflected XSS via the password field
2739 CVE-2014-3647 DoS 2014-11-10 2020-08-13
1.9
None Local Medium Not required None None Partial
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
2740 CVE-2014-3646 DoS 2014-11-10 2020-08-13
4.7
None Local Medium Not required None None Complete
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
2741 CVE-2014-3642 264 +Priv 2014-10-06 2014-10-07
6.5
None Remote Low ??? Partial Partial Partial
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
2742 CVE-2014-3640 476 DoS 2014-11-07 2017-11-04
2.1
None Local Low Not required None None Partial
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
2743 CVE-2014-3621 200 +Info 2014-10-02 2020-06-02
4.0
None Remote Low ??? Partial None None
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
2744 CVE-2014-3615 200 +Info 2014-11-01 2020-08-11
2.1
None Local Low Not required Partial None None
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
2745 CVE-2014-3611 362 DoS 2014-11-10 2020-08-12
4.7
None Local Medium Not required None None Complete
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
2746 CVE-2014-3602 264 +Info 2014-11-13 2019-12-17
2.1
None Local Low Not required Partial None None
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
2747 CVE-2014-3599 611 2019-11-12 2019-11-14
4.3
None Remote Medium Not required Partial None None
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
2748 CVE-2014-3595 79 XSS 2014-09-22 2014-11-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
2749 CVE-2014-3592 79 XSS 2019-11-13 2019-11-14
4.3
None Remote Medium Not required None Partial None
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
2750 CVE-2014-3590 352 CSRF 2020-01-02 2020-01-14
4.3
None Remote Medium Not required None None Partial
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
Total number of vulnerabilities : 3974   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 (This Page)56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.