Redhat: Security Vulnerabilities
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVSS Score: 4.0
EPSS Score: 0.007
Published: 2014-10-31
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
CVSS Score: 4.0
EPSS Score: 0.011
Published: 2014-10-31
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
CVSS Score: 5.0
EPSS Score: 0.002
Published: 2014-10-27
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Score: 6.8
EPSS Score: 0.002
Published: 2014-10-25
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
CVSS Score: 5.0
EPSS Score: 0.006
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVSS Score: 5.0
EPSS Score: 0.031
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
CVSS Score: 7.5
EPSS Score: 0.052
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
CVSS Score: 7.5
EPSS Score: 0.015
Published: 2014-10-22
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2014-10-18
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVSS Score: 6.0
EPSS Score: 0.001
Published: 2014-10-16

