Product
redhat enterprise mrg
73 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-27825
all versions
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace
5.7
MEDIUM
CVE-2020-27786
all versions
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to iss
7.8
HIGH
CVE-2020-1749
all versions
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over
7.5
HIGH
CVE-2020-10757
all versions
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local
7.8
HIGH
CVE-2020-12826
all versions
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/li
5.3
MEDIUM
CVE-2019-14898
all versions
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain
7.0
HIGH
CVE-2012-6685
all versions
Nokogiri before 1.5.4 is vulnerable to XXE attacks
7.5
HIGH
CVE-2012-3460
all versions
cumin: At installation postgresql database user created without password
9.8
CRITICAL
CVE-2014-8181
all versions
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive infor
5.5
MEDIUM
CVE-2013-6461
all versions
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
6.5
MEDIUM
CVE-2013-6460
all versions
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
6.5
MEDIUM
CVE-2019-11478
all versions
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmente
5.3
MEDIUM
CVE-2019-11477
all versions
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when
7.5
HIGH
CVE-2019-3459
all versions
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
MEDIUM
CVE-2018-16884
all versions
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time ca
8.0
HIGH
CVE-2017-7482
all versions
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a fi
7.8
HIGH
CVE-2014-8171
all versions
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawn
5.5
MEDIUM
CVE-2017-15128
all versions
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check
5.5
MEDIUM
CVE-2017-15127
all versions
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit
5.5
MEDIUM
CVE-2014-3706
all versions
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key at
5.9
MEDIUM
CVE-2015-7837
all versions
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot ena
5.5
MEDIUM
CVE-2015-7553
all versions
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module
4.7
MEDIUM
CVE-2016-3699
all versions
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabl
7.4
HIGH
CVE-2016-4470
all versions
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data stru
5.5
MEDIUM
CVE-2015-1350
all versions
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies re
5.5
MEDIUM
CVE-2015-2922
all versions
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack i
CVE-2014-3687
all versions
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 al
7.5
HIGH
CVE-2014-3673
all versions
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via
7.5
HIGH
CVE-2012-2682
all versions
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to ca
CVE-2014-0174
all versions
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie head
CVE-2014-3940
all versions
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a de
CVE-2014-3917
all versions
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
CVE-2013-6445
all versions
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, wh
CVE-2011-4930
all versions
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG
CVE-2013-4461
all versions
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute a
CVE-2013-4414
all versions
Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers
CVE-2013-4405
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow
CVE-2013-4404
all versions
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass i
CVE-2013-4255
all versions
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSP
CVE-2009-5136
all versions
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate
CVE-2013-4345
all versions
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for cont
CVE-2013-4284
all versions
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) vi
CVE-2013-1892
all versions
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, whic
CVE-2013-1909
all versions
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common
CVE-2013-2164
all versions
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sens
CVE-2013-3301
all versions
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereferen
CVE-2013-2015
all versions
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for
CVE-2013-2548
all versions
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel
CVE-2013-2547
all versions
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel
CVE-2013-2546
all versions
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for cop
CVE-2012-4462
all versions
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a den
CVE-2013-1774
all versions
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of ser
CVE-2013-1773
all versions
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or caus
CVE-2012-3459
all versions
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to
CVE-2012-2735
all versions
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, al
CVE-2012-2734
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Real
CVE-2012-2685
all versions
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to
CVE-2012-2684
all versions
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Ha
CVE-2012-2683
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, a
CVE-2012-2681
all versions
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to g
CVE-2012-2680
all versions
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to
CVE-2011-2699
all versions
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destin
7.5
HIGH
CVE-2012-1097
all versions
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set meth
7.8
HIGH
CVE-2012-1090
all versions
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS)
5.5
MEDIUM
CVE-2011-2189
all versions
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of ne
7.5
HIGH
CVE-2011-2925
all versions
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which
CVE-2010-4526
all versions
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows re
CVE-2010-4179
all versions
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be conf
CVE-2009-5006
<= 1.2.2
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apach
CVE-2009-5005
<= 1.2.2
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other
CVE-2010-3701
<= 1.2
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (st
CVE-2010-3083
<= 1.2
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enab
CVE-2009-4133
all versions
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authentic
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin