Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6399 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | ||||
| CVE-2016-0738 | 2 Openstack, Redhat | 3 Swift, Openstack, Storage | 2025-04-12 | N/A |
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | ||||
| CVE-2014-6555 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | ||||
| CVE-2016-9911 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 6.5 Medium |
| Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | ||||
| CVE-2014-6520 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. | ||||
| CVE-2014-3497 | 2 Openstack, Redhat | 2 Swift, Openstack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. | ||||
| CVE-2015-5279 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||||
| CVE-2016-6888 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 4.4 Medium |
| Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | ||||
| CVE-2015-1881 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. | ||||
| CVE-2014-4258 | 7 Debian, Mariadb, Opensuse Project and 4 more | 15 Debian Linux, Mariadb, Suse Linux Enterprise Desktop and 12 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. | ||||
| CVE-2015-5163 | 2 Openstack, Redhat | 2 Glance, Openstack | 2025-04-12 | N/A |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | ||||
| CVE-2016-9907 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 6.5 Medium |
| Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | ||||
| CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2025-04-12 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | ||||
| CVE-2014-0071 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | ||||
| CVE-2014-0222 | 3 Qemu, Redhat, Suse | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2025-04-12 | N/A |
| Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | ||||
| CVE-2016-8909 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 6.0 Medium |
| The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | ||||
| CVE-2015-5225 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. | ||||
| CVE-2014-0473 | 3 Canonical, Djangoproject, Redhat | 3 Ubuntu Linux, Django, Openstack | 2025-04-12 | N/A |
| The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | ||||
| CVE-2016-6662 | 5 Debian, Mariadb, Oracle and 2 more | 13 Debian Linux, Mariadb, Mysql and 10 more | 2025-04-12 | N/A |
| Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. | ||||
| CVE-2014-3475 | 3 Openstack, Opensuse, Redhat | 3 Horizon, Opensuse, Openstack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | ||||