Total
1887 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15087 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
CVE-2017-15086 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
CVE-2014-0143 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. | |||||
CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | |||||
CVE-2017-15104 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | |||||
CVE-2017-15121 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||||
CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | |||||
CVE-2017-15102 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-20 | 6.9 MEDIUM | 6.3 MEDIUM |
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | |||||
CVE-2015-1795 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | |||||
CVE-2017-1000366 | 8 Debian, Gnu, Mcafee and 5 more | 20 Debian Linux, Glibc, Web Gateway and 17 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | |||||
CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||||
CVE-2015-7553 | 1 Redhat | 3 Enterprise Linux, Enterprise Mrg, Kernel-rt | 2025-04-20 | 4.7 MEDIUM | 4.7 MEDIUM |
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | |||||
CVE-2015-2877 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | 2.1 LOW | 3.3 LOW |
** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities. | |||||
CVE-2017-3106 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
CVE-2016-2568 | 2 Freedesktop, Redhat | 2 Polkit, Enterprise Linux | 2025-04-20 | 4.4 MEDIUM | 7.8 HIGH |
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||||
CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
CVE-2017-5973 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | |||||
CVE-2016-3616 | 4 Canonical, Debian, Libjpeg-turbo and 1 more | 4 Ubuntu Linux, Debian Linux, Libjpeg-turbo and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. |