Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0001 3Mariadb OracleRedhat 6Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Apr 29, 2026 Jan 31, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVE-2014-1447 1Redhat 1Libvirt Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
CVE-2014-0028 1Redhat 1Libvirt Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConne...Show more libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.Show less
CVE-2013-6458 1Redhat 1Libvirt Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is att...Show more Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.Show less
CVE-2013-6457 1Redhat 1Libvirt Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 5.2 MEDIUM· v2 The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free o...Show more The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.Show less
CVE-2013-6434 1Redhat 1Enterprise Virtualization Manager Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-mi...Show more The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.Show less
CVE-2013-1886 1Redhat 2Certificate System Dogtag Certificate System Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service...Show more Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.Show less
CVE-2013-1885 1Redhat 2Certificate System Dogtag Certificate System Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbit...Show more Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/.Show less
CVE-2013-6443 1Redhat 2Cloudforms Cloudforms 3.0 Management Engine Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a reque...Show more CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.Show less
CVE-2013-6448 1Redhat 1Jboss Seam 2 Framework Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain inf...Show more The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.Show less
CVE-2013-6447 1Redhat 1Jboss Seam 2 Framework Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss We...Show more Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.Show less
CVE-2013-2152 1Redhat 1Enterprise Virtualization Apr 29, 2026 Jan 21, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
CVE-2013-2151 1Redhat 1Enterprise Virtualization Apr 29, 2026 Jan 21, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.
CVE-2013-2185 2Apache Redhat 3Jboss Enterprise Application Platform Jboss Enterprise Portal PlatformTomcat Apr 29, 2026 Jan 19, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary...Show more The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issueShow less
CVE-2013-6425 5Canonical DebianOpensuse+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Apr 29, 2026 Jan 18, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom...Show more Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.Show less
CVE-2013-5870 3Hp OracleRedhat 10Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node SupplementaryEnterprise Linux Server Supplementary+7 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
CVE-2014-0437 5Canonical DebianMariadb+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related...Show more Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.Show less
CVE-2014-0420 5Canonical DebianMariadb+2 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 2.8 LOW· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
CVE-2014-0418 3Hp OracleRedhat 10Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node SupplementaryEnterprise Linux Server Supplementary+7 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-...Show more Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.Show less
CVE-2014-0412 5Canonical DebianMariadb+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related...Show more Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.Show less

Previous 1...228229230...284 Next