A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
Source: Red Hat, Inc.
Max CVSS
2.8
EPSS Score
0.06%
Published
2023-03-06
Updated
2023-03-13
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Source: Red Hat, Inc.
Max CVSS
2.3
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-04-03
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Source: Red Hat, Inc.
Max CVSS
2.5
EPSS Score
0.04%
Published
2021-06-09
Updated
2022-04-25
vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug
Source: MITRE
Max CVSS
2.3
EPSS Score
0.04%
Published
2020-02-14
Updated
2024-05-17
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
Source: Red Hat, Inc.
Max CVSS
2.3
EPSS Score
0.05%
Published
2019-07-30
Updated
2020-10-02
gdm3 3.14.2 and possibly later has an information leak before screen lock
Source: MITRE
Max CVSS
2.4
EPSS Score
0.10%
Published
2019-11-05
Updated
2020-08-18
A password generation weakness exists in xquest through 2016-06-13.
Source: Red Hat, Inc.
Max CVSS
2.5
EPSS Score
0.05%
Published
2019-11-27
Updated
2023-02-12
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
Source: Oracle
Max CVSS
2.8
EPSS Score
0.35%
Published
2016-01-21
Updated
2019-04-22
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
Source: Oracle
Max CVSS
2.1
EPSS Score
0.70%
Published
2016-01-21
Updated
2018-10-30
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Source: Red Hat, Inc.
Max CVSS
2.5
EPSS Score
0.04%
Published
2016-04-11
Updated
2023-02-13
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.
Source: Red Hat, Inc.
Max CVSS
2.6
EPSS Score
0.04%
Published
2015-11-24
Updated
2016-12-07
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
Source: IBM Corporation
Max CVSS
2.1
EPSS Score
0.06%
Published
2015-12-07
Updated
2019-06-19
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Source: Oracle
Max CVSS
2.1
EPSS Score
0.54%
Published
2015-10-22
Updated
2016-12-24
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Source: Oracle
Max CVSS
2.8
EPSS Score
0.18%
Published
2015-10-21
Updated
2022-09-29

CVE-2015-3245

Public exploit
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-08-11
Updated
2023-02-13
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-06-08
Updated
2023-02-13
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-05-01
Updated
2023-02-12
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-01-09
Updated
2020-05-21
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-01-09
Updated
2023-02-13
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-12-19
Updated
2023-02-13
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-12-19
Updated
2023-02-13
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-08
Updated
2018-11-16
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-08
Updated
2018-11-16
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-06-17
Updated
2017-01-07
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Source: MITRE
Max CVSS
2.3
EPSS Score
0.04%
Published
2014-06-23
Updated
2020-08-21
159 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!