Total
307973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0144 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-11-21 | N/A | 8.6 HIGH |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | |||||
| CVE-2014-0104 | 1 Clusterlabs | 1 Fence-agents | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | |||||
| CVE-2014-0091 | 1 Theforeman | 1 Foreman | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Foreman has improper input validation which could lead to partial Denial of Service | |||||
| CVE-2014-0087 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | |||||
| CVE-2014-0084 | 1 Redhat | 1 Openshift Origin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | |||||
| CVE-2014-0083 | 2 Debian, Net-ldap Project | 2 Debian Linux, Net-ldap | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | |||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | |||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| katello-headpin is vulnerable to CSRF in REST API | |||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | |||||
| CVE-2014-0014 | 1 Emberjs | 1 Ember.js | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | |||||
| CVE-2014-0013 | 1 Emberjs | 1 Ember.js | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | |||||
| CVE-2014-0011 | 1 Tigervnc | 1 Tigervnc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | |||||
| CVE-2013-7491 | 1 Perl | 1 Dbi | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | |||||
| CVE-2013-7490 | 2 Canonical, Perl | 2 Ubuntu Linux, Dbi | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | |||||
| CVE-2013-7489 | 1 Beakerbrowser | 1 Beaker | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. | |||||
| CVE-2013-7488 | 2 Convert\, Fedoraproject | 2 \, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | |||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | |||||
| CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||