Total
323399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0158 | 2 Opensuse, Uclouvain | 2 Opensuse, Openjpeg | 2024-11-21 | N/A |
| Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." | ||||
| CVE-2014-0156 | 1 Manageiq | 1 Awesomespawn | 2024-11-21 | 9.8 Critical |
| Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. | ||||
| CVE-2014-0148 | 2 Qemu, Redhat | 11 Qemu, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | 5.5 Medium |
| Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance resulting in DoS. | ||||
| CVE-2014-0147 | 3 Fedoraproject, Qemu, Redhat | 12 Fedora, Qemu, Enterprise Linux and 9 more | 2024-11-21 | 6.2 Medium |
| Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine. | ||||
| CVE-2014-0144 | 2 Qemu, Redhat | 11 Qemu, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | 8.6 High |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | ||||
| CVE-2014-0104 | 1 Clusterlabs | 1 Fence-agents | 2024-11-21 | 5.9 Medium |
| fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | ||||
| CVE-2014-0091 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 5.3 Medium |
| Foreman has improper input validation which could lead to partial denial of service. | ||||
| CVE-2014-0087 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | ||||
| CVE-2014-0084 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-11-21 | 5.5 Medium |
| Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | ||||
| CVE-2014-0083 | 2 Debian, Net-ldap Project | 2 Debian Linux, Net-ldap | 2024-11-21 | 5.5 Medium |
| The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | ||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 5.5 Medium |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | ||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 9.8 Critical |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 6.5 Medium |
| katello-headpin is vulnerable to CSRF in REST API | ||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.8 High |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | ||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-11-21 | 7.5 High |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | ||||
| CVE-2014-0014 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | ||||
| CVE-2014-0013 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | ||||
| CVE-2014-0011 | 1 Tigervnc | 1 Tigervnc | 2024-11-21 | 9.8 Critical |
| Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | ||||
| CVE-2013-7491 | 1 Perl | 1 Dbi | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | ||||
| CVE-2013-7490 | 2 Canonical, Perl | 2 Ubuntu Linux, Dbi | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | ||||