Total
205 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1714 | 3 Oracle, Qemu, Redhat | 3 Linux, Qemu, Openstack | 2025-04-12 | 6.9 MEDIUM | 8.1 HIGH |
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. | |||||
CVE-2015-7512 | 4 Debian, Oracle, Qemu and 1 more | 9 Debian Linux, Linux, Qemu and 6 more | 2025-04-12 | 6.8 MEDIUM | 9.0 CRITICAL |
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | |||||
CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 24 Eos, Debian Linux, Fedora and 21 more | 2025-04-12 | 9.3 HIGH | N/A |
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | |||||
CVE-2014-3621 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Keystone, Enterprise Linux and 1 more | 2025-04-12 | 4.0 MEDIUM | N/A |
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. | |||||
CVE-2015-5329 | 1 Redhat | 1 Openstack | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |||||
CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |||||
CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 4 Debian Linux, Chrome, Node.js and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
CVE-2013-4214 | 2 Nagios, Redhat | 2 Nagios, Openstack | 2025-04-11 | 6.3 MEDIUM | N/A |
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | |||||
CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | 6.5 MEDIUM | N/A |
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
CVE-2013-2113 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 6.0 MEDIUM | N/A |
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | |||||
CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2025-04-11 | 4.3 MEDIUM | N/A |
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2013-4185 | 2 Openstack, Redhat | 2 Compute, Openstack | 2025-04-11 | 4.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | |||||
CVE-2013-4182 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 7.5 HIGH | N/A |
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||||
CVE-2013-4386 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | |||||
CVE-2013-2121 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 6.0 MEDIUM | N/A |
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | |||||
CVE-2013-6391 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2025-04-11 | 5.8 MEDIUM | N/A |
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | |||||
CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 5.0 MEDIUM | N/A |
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
CVE-2013-4261 | 2 Openstack, Redhat | 3 Folsom, Grizzly, Openstack | 2025-04-11 | 3.5 LOW | N/A |
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | |||||
CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2025-04-11 | 6.8 MEDIUM | N/A |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. |