Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Openstack Subscribe

Filter

2788 total CVE
CVE Vendors Products Updated CVSS
CVE-2013-4154 1 Redhat 1 Libvirt 2013-10-11 4.3
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as...
CVE-2013-1950 1 Redhat 1 Libtirpc 2013-10-11 4.3
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
CVE-2013-4284 1 Redhat 1 Enterprise Mrg 2013-10-10 5.0
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.
CVE-2013-4157 1 Redhat 1 Storage Server 2013-10-07 3.6
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.
CVE-2013-2230 1 Redhat 1 Libvirt 2013-10-04 4.0
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
CVE-2013-4239 1 Redhat 1 Libvirt 2013-10-01 4.0
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
CVE-2013-4291 1 Redhat 1 Libvirt 2013-10-01 6.9
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
CVE-2013-4181 1 Redhat 1 Enterprise Virtualization 2013-09-25 4.3
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote...
CVE-2013-4182 2 Theforeman, Redhat 2 Openstack, Foreman 2013-09-17 7.5
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4180 2 Theforeman, Redhat 2 Openstack, Foreman 2013-09-17 5.0
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-2176 1 Redhat 1 Enterprise Virtualization 2013-08-29 7.2
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.
CVE-2013-4172 1 Redhat 1 Cloudforms Management Engine 2013-08-27 8.5
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
CVE-2013-1909 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2013-08-26 5.8
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL...
CVE-2013-4236 1 Redhat 1 Enterprise Virtualization 2013-08-20 2.7
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete...
CVE-2013-0167 1 Redhat 1 Enterprise Virtualization 2013-08-20 2.7
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."
CVE-2013-2056 1 Redhat 1 Network Satellite 2013-07-31 5.0
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2011-1483 2 Hp, Redhat 7 Network Node Manager I, Jboss Communications Platform, Jboss Enterprise Brms Platform and 4 more 2013-07-29 5.0
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss...
CVE-2013-2144 1 Redhat 1 Enterprise Virtualization Manager 2013-07-04 5.0
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
CVE-2011-2942 2 Linux, Redhat 2 Enterprise Linux, Linux Kernel 2013-06-10 6.8
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or...
CVE-2012-4550 1 Redhat 1 Jboss Enterprise Application Platform 2013-05-07 6.4
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being...