Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0201 | 1 Redhat | 1 Rhevm-reports | 2023-02-12 | 2.1 LOW | N/A |
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | |||||
CVE-2014-0233 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.5 MEDIUM | N/A |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |||||
CVE-2014-0247 | 5 Canonical, Fedoraproject, Libreoffice and 2 more | 7 Ubuntu Linux, Fedora, Libreoffice and 4 more | 2023-02-12 | 10.0 HIGH | N/A |
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | |||||
CVE-2014-0200 | 1 Redhat | 1 Rhevm-reports | 2023-02-12 | 2.1 LOW | N/A |
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2014-0234 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
CVE-2014-0202 | 1 Redhat | 1 Rhevm-dwh | 2023-02-12 | 2.1 LOW | N/A |
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | |||||
CVE-2014-0199 | 1 Redhat | 1 Rhevm-reports | 2023-02-12 | 2.1 LOW | N/A |
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | |||||
CVE-2014-0196 | 7 Canonical, Debian, F5 and 4 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2023-02-12 | 6.9 MEDIUM | N/A |
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. | |||||
CVE-2014-0189 | 2 Redhat, Virt-who Project | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2023-02-12 | 2.1 LOW | N/A |
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. | |||||
CVE-2014-0197 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
CFME: CSRF protection vulnerability via permissive check of the referrer header | |||||
CVE-2014-0188 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | N/A |
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
CVE-2014-0176 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0186 | 1 Redhat | 1 Enterprise Linux | 2023-02-12 | 5.0 MEDIUM | N/A |
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. | |||||
CVE-2014-0180 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2023-02-12 | 5.0 MEDIUM | N/A |
The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors. | |||||
CVE-2014-0184 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2023-02-12 | 4.9 MEDIUM | N/A |
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | |||||
CVE-2014-0179 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2023-02-12 | 1.9 LOW | N/A |
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. | |||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
mcollective has a default password set at install | |||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.1 LOW | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | |||||
CVE-2014-0152 | 2 Ovirt, Redhat | 2 Ovirt, Ovirt-engine | 2023-02-12 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2014-0151 | 1 Redhat | 1 Ovirt-engine | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. |