Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5579 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2025-04-20 | 6.5 Medium |
| Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | ||||
| CVE-2017-9524 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2025-04-20 | 7.5 High |
| The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. | ||||
| CVE-2025-21613 | 2 Go-git Project, Redhat | 9 Go-git, Advanced Cluster Security, Enterprise Linux and 6 more | 2025-04-17 | 9.8 Critical |
| go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. | ||||
| CVE-2022-38065 | 1 Redhat | 1 Openstack | 2025-04-15 | 8.8 High |
| A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. | ||||
| CVE-2022-3064 | 2 Redhat, Yaml Project | 7 Enterprise Linux, Openshift, Openshift Devspaces and 4 more | 2025-04-14 | 7.5 High |
| Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | ||||
| CVE-2016-6888 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 4.4 Medium |
| Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | ||||
| CVE-2015-8818 | 2 Qemu, Redhat | 2 Qemu, Openstack | 2025-04-12 | 5.5 Medium |
| The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. | ||||
| CVE-2016-7422 | 3 Opensuse, Qemu, Redhat | 5 Leap, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 6.0 Medium |
| The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. | ||||
| CVE-2015-7548 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. | ||||
| CVE-2016-1714 | 3 Oracle, Qemu, Redhat | 4 Linux, Qemu, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. | ||||
| CVE-2015-8817 | 2 Qemu, Redhat | 2 Qemu, Openstack | 2025-04-12 | N/A |
| QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. | ||||
| CVE-2014-3708 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | ||||
| CVE-2013-6470 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | ||||
| CVE-2014-6507 | 4 Mariadb, Oracle, Redhat and 1 more | 10 Mariadb, Mysql, Solaris and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | ||||
| CVE-2016-5403 | 5 Canonical, Debian, Oracle and 2 more | 15 Ubuntu Linux, Debian Linux, Linux and 12 more | 2025-04-12 | 5.5 Medium |
| The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | ||||
| CVE-2013-4541 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | ||||
| CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 6.0 Medium |
| The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | ||||
| CVE-2014-4287 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. | ||||
| CVE-2014-4258 | 7 Debian, Mariadb, Opensuse Project and 4 more | 15 Debian Linux, Mariadb, Suse Linux Enterprise Desktop and 12 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. | ||||
| CVE-2015-5225 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. | ||||