Total
1812 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3615 | 5 Canonical, Debian, Opensuse and 2 more | 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more | 2024-02-04 | 2.1 LOW | N/A |
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||||
CVE-2014-8080 | 4 Canonical, Opensuse, Redhat and 1 more | 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | |||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2024-02-04 | 4.3 MEDIUM | 3.4 LOW |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
CVE-2015-0412 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2024-02-04 | 7.2 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | |||||
CVE-2014-7815 | 5 Canonical, Debian, Qemu and 2 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | |||||
CVE-2014-0001 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. | |||||
CVE-2014-8158 | 4 Debian, Jasper Project, Opensuse and 1 more | 4 Debian Linux, Jasper, Opensuse and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | |||||
CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2024-02-04 | 5.0 MEDIUM | N/A |
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
CVE-2014-3646 | 6 Canonical, Debian, Linux and 3 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-02-04 | 4.7 MEDIUM | 5.5 MEDIUM |
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
CVE-2014-3562 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. | |||||
CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2024-02-04 | 4.3 MEDIUM | N/A |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | |||||
CVE-2011-1773 | 2 Matthew Booth, Redhat | 2 Virt-v2v, Enterprise Linux | 2024-02-04 | 4.4 MEDIUM | N/A |
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. | |||||
CVE-2015-0408 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | |||||
CVE-2015-0240 | 4 Canonical, Novell, Redhat and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. | |||||
CVE-2015-0383 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-04 | 5.4 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. | |||||
CVE-2014-3611 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. | |||||
CVE-2014-4027 | 5 Canonical, F5, Linux and 2 more | 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more | 2024-02-04 | 2.3 LOW | N/A |
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. | |||||
CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-3673 | 7 Canonical, Debian, Linux and 4 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | |||||
CVE-2013-5364 | 2 Redhat, Secunia | 2 Enterprise Linux, Csi Agent | 2024-02-04 | 3.6 LOW | N/A |
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file. |