CVE-2018-16884 — CVSS 8.0 (high): A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make…
CVE-2020-27786 — CVSS 7.8 (high): A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl…
CVE-2012-1097 — CVSS 7.8 (high): The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods…
CVE-2017-7482 — CVSS 7.8 (high): In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This…
CVE-2020-10757 — CVSS 7.8 (high): A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker…
CVE-2011-2699 — CVSS 7.5 (high): The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination…
CVE-2014-3673 — CVSS 7.5 (high): The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a…
CVE-2019-11477 — CVSS 7.5 (high): Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when…
CVE-2014-3687 — CVSS 7.5 (high): The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows…
CVE-2012-2684 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat…
CVE-2013-4461 — CVSS 7.5 (high): SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary…
CVE-2020-1749 — CVSS 7.5 (high): A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6…
CVE-2010-4179 — CVSS 7.5 (high): The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so…
CVE-2011-2189 — CVSS 7.5 (high): net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network…
CVE-2016-3699 — CVSS 7.4 (high): The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled…
CVE-2013-3301 — CVSS 7.2 (high): The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and…
CVE-2010-4526 — CVSS 7.1 (high): Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote…
CVE-2019-14898 — CVSS 7.0 (high): The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive…
CVE-2013-4405 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote…
CVE-2012-2734 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and…
CVE-2019-3459 — CVSS 6.5 (medium): A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2013-4404 — CVSS 6.5 (medium): cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended…
CVE-2009-4133 — CVSS 6.5 (medium): Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated…
CVE-2013-1773 — CVSS 6.2 (medium): Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a…
CVE-2013-1892 — CVSS 6.0 (medium): MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows…
CVE-2014-3706 — CVSS 5.9 (medium): ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes…
CVE-2013-1909 — CVSS 5.8 (medium): The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name…
CVE-2012-2681 — CVSS 5.8 (medium): Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate…
CVE-2013-4345 — CVSS 5.8 (medium): Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for…
CVE-2020-27825 — CVSS 5.7 (medium): A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and…
CVE-2015-1350 — CVSS 5.5 (medium): The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing…
CVE-2014-8181 — CVSS 5.5 (medium): The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to…
CVE-2014-8171 — CVSS 5.5 (medium): The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2015-7837 — CVSS 5.5 (medium): The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled…
CVE-2012-1090 — CVSS 5.5 (medium): The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via…
CVE-2017-15128 — CVSS 5.5 (medium): A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could…
CVE-2017-15127 — CVSS 5.5 (medium): A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page…
CVE-2020-12826 — CVSS 5.3 (medium): A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in…
CVE-2019-11478 — CVSS 5.3 (medium): Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when…
CVE-2009-5005 — CVSS 5.0 (medium): The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other…
CVE-2013-4284 — CVSS 5.0 (medium): Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a…
CVE-2013-6445 — CVSS 5.0 (medium): Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes…
CVE-2012-2682 — CVSS 5.0 (medium): Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a…
CVE-2012-2680 — CVSS 5.0 (medium): Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to…
CVE-2012-2735 — CVSS 4.9 (medium): Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows…
CVE-2012-3459 — CVSS 4.9 (medium): Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify…
CVE-2015-7553 — CVSS 4.7 (medium): Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is…
CVE-2013-2015 — CVSS 4.7 (medium): The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for…
CVE-2011-2925 — CVSS 4.6 (medium): Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows…
CVE-2011-4930 — CVSS 4.4 (medium): Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and…
CVE-2013-4414 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to…
CVE-2010-3083 — CVSS 4.3 (medium): sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled…
CVE-2012-4462 — CVSS 4.3 (medium): aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of…
CVE-2012-2683 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid…
CVE-2014-0174 — CVSS 4.3 (medium): Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for…
CVE-2012-2685 — CVSS 4.0 (medium): Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a…
CVE-2014-3940 — CVSS 4.0 (medium): The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of…
CVE-2013-1774 — CVSS 4.0 (medium): The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service…
CVE-2009-5006 — CVSS 4.0 (medium): The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid…
CVE-2010-3701 — CVSS 4.0 (medium): lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack…
CVE-2009-5136 — CVSS 4.0 (medium): The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an…
CVE-2013-4255 — CVSS 3.5 (low): The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3)…
CVE-2014-3917 — CVSS 3.3 (low): kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to…
CVE-2015-2922 — CVSS 3.3 (low): The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the…
CVE-2013-2546 — CVSS 2.1 (low): The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying…
CVE-2013-2547 — CVSS 2.1 (low): The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through…
CVE-2013-2164 — CVSS 2.1 (low): The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive…
CVE-2013-2548 — CVSS 2.1 (low): The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through…