Vulnerabilities (CVE)

2802 total CVE
CVE Vendors Products Updated CVSS
CVE-2011-4930 3 Condor Project, Fedoraproject, Redhat 3 Condor, Fedora, Enterprise Mrg 2014-02-10 4.4
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure...
CVE-2012-0059 1 Redhat 2 Network Satellite, Network Proxy 2014-02-06 4.3
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the...
CVE-2013-6434 1 Redhat 1 Enterprise Virtualization Manager 2014-01-24 4.3
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof...
CVE-2013-6443 1 Redhat 2 Cloudforms 3.0 Management Engine, Cloudforms 2014-01-23 6.8
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVE-2013-6448 1 Redhat 1 Jboss Seam 2 Framework 2014-01-23 5.0
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary...
CVE-2013-6447 1 Redhat 1 Jboss Seam 2 Framework 2014-01-23 5.0
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow...
CVE-2013-4461 1 Redhat 1 Enterprise Mrg 2014-01-14 7.5
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."
CVE-2013-4414 1 Redhat 1 Enterprise Mrg 2014-01-14 4.3
Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form.
CVE-2013-4405 1 Redhat 1 Enterprise Mrg 2014-01-14 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.
CVE-2013-4404 1 Redhat 1 Enterprise Mrg 2014-01-14 6.5
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
CVE-2013-2068 1 Redhat 1 Cloudforms Management Engine 2014-01-14 9.4
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2)...
CVE-2013-2548 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2014-01-04 2.1
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive...
CVE-2013-2547 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2014-01-04 2.1
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive...
CVE-2013-2546 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2014-01-04 2.1
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the...
CVE-2011-2482 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2013-12-31 7.8
A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and...
CVE-2013-4424 1 Redhat 1 Jboss Enterprise Portal Platform 2013-12-27 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2519 2 Linux, Redhat 2 Enterprise Linux, Linux Kernel 2013-12-27 5.2
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
CVE-2010-0430 1 Redhat 1 Enterprise Virtualization Hypervisor 2013-12-27 7.4
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the...
CVE-2013-4452 1 Redhat 1 Jboss Operations Network 2013-12-26 2.1
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
CVE-2013-4480 1 Redhat 1 Network Satellite 2013-12-01 7.5
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.