Redhat Enterprise Linux vulnerabilities

CVE-2014-3560 [HIGH] CWE-94 CVE-2014-3560: NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remo NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

CVE-2014-0179 [LOW] CWE-20 CVE-2014-0179: libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this is

CVE-2014-5177 [LOW] CVE-2014-5177: libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStora

CVE-2014-2483 [CRITICAL] CVE-2014-2483: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allo Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another ve

CVE-2014-4027 [LOW] CWE-200 CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.1 The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVE-2014-0186 [MEDIUM] CVE-2014-0186: A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote att A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

CVE-2014-0249 [LOW] CWE-264 CVE-2014-0249: The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

CVE-2014-0224 [HIGH] CWE-326 CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict proc OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS hand

CVE-2014-3470 [MEDIUM] CWE-476 CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0. The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

CVE-2014-3940 [MEDIUM] CWE-362 CVE-2014-3940: The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which al The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.

CVE-2014-0221 [MEDIUM] CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CVE-2014-3917 [LOW] CWE-200 CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certai kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

CVE-2014-0196 [MEDIUM] CWE-362 CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

CVE-2014-0150 [MEDIUM] CWE-189 CVE-2014-0150: Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlie Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

CVE-2011-3346 [MEDIUM] CWE-119 CVE-2011-3346: Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.

CVE-2013-7347 [LOW] CVE-2013-7347: Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attacker Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

CVE-2012-3359 [LOW] CWE-255 CVE-2012-3359: Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.

CVE-2014-0055 [MEDIUM] CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel packa The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

CVE-2011-4111 [MEDIUM] CWE-119 CVE-2011-4111: Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU b Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

CVE-2014-0081 [MEDIUM] CWE-79 CVE-2014-0081: Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_hel Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) numbe