Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3691 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-12 | 7.5 HIGH | N/A |
| Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. | |||||
| CVE-2014-3708 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | |||||
| CVE-2016-4985 | 2 Canonical, Redhat | 2 Openstack Ironic, Openstack | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. | |||||
| CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |||||
| CVE-2015-5329 | 1 Redhat | 1 Openstack | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |||||
| CVE-2014-3615 | 5 Canonical, Debian, Opensuse and 2 more | 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more | 2025-04-12 | 2.1 LOW | N/A |
| The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||||
| CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 24 Eos, Debian Linux, Fedora and 21 more | 2025-04-12 | 9.3 HIGH | N/A |
| The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | |||||
| CVE-2015-5295 | 4 Fedoraproject, Openstack, Oracle and 1 more | 4 Fedora, Orchestration Api, Solaris and 1 more | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | |||||
| CVE-2016-6662 | 5 Debian, Mariadb, Oracle and 2 more | 12 Debian Linux, Mariadb, Mysql and 9 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. | |||||
| CVE-2015-5225 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Openstack | 2025-04-12 | 7.2 HIGH | N/A |
| Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. | |||||
| CVE-2014-7821 | 3 Fedoraproject, Openstack, Redhat | 3 Fedora, Neutron, Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | |||||
| CVE-2015-3456 | 3 Qemu, Redhat, Xen | 5 Qemu, Enterprise Linux, Enterprise Virtualization and 2 more | 2025-04-12 | 7.7 HIGH | N/A |
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. | |||||
| CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
| CVE-2016-1568 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 6.9 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. | |||||
| CVE-2016-6888 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
| Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | |||||
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | |||||
| CVE-2015-1842 | 1 Redhat | 1 Openstack | 2025-04-12 | 10.0 HIGH | N/A |
| The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | |||||
| CVE-2016-8576 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | |||||
| CVE-2016-9921 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | |||||
| CVE-2016-8909 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | |||||