libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or. Rated medium severity (CVSS 6.9). No vendor patch available.
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.3). No vendor patch available.
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. Rated low severity (CVSS 3.7). No vendor patch available.