Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0056 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | ||||
| CVE-2014-0042 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. | ||||
| CVE-2016-0737 | 2 Openstack, Redhat | 3 Swift, Openstack, Storage | 2025-04-12 | N/A |
| OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | ||||
| CVE-2014-0223 | 3 Qemu, Redhat, Suse | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2025-04-12 | N/A |
| Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | ||||
| CVE-2014-2525 | 3 Opensuse, Pyyaml, Redhat | 6 Leap, Opensuse, Libyaml and 3 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | ||||
| CVE-2014-6568 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. | ||||
| CVE-2015-0374 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. | ||||
| CVE-2015-2573 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | ||||
| CVE-2015-8818 | 2 Qemu, Redhat | 2 Qemu, Openstack | 2025-04-12 | 5.5 Medium |
| The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. | ||||
| CVE-2015-8817 | 2 Qemu, Redhat | 2 Qemu, Openstack | 2025-04-12 | N/A |
| QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. | ||||
| CVE-2014-0041 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors. | ||||
| CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Leap, Opensuse and 3 more | 2025-04-12 | 7.5 High |
| Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | ||||
| CVE-2014-6484 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. | ||||
| CVE-2015-7548 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. | ||||
| CVE-2013-7436 | 2 Kanaka, Redhat | 2 Novnc, Openstack | 2025-04-12 | N/A |
| noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2014-3555 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. | ||||
| CVE-2014-6505 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE. | ||||
| CVE-2014-2494 | 5 Debian, Mariadb, Oracle and 2 more | 10 Debian Linux, Mariadb, Mysql and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. | ||||
| CVE-2015-5279 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||||
| CVE-2014-4207 | 5 Debian, Mariadb, Oracle and 2 more | 10 Debian Linux, Mariadb, Mysql and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. | ||||