Filtered by vendor Redhat
Subscribe
Total
5620 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3544 | 4 Debian, Google, Oracle and 1 more | 13 Debian Linux, Android, Jdk and 10 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2016-9446 | 3 Fedoraproject, Gstreamer Project, Redhat | 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |||||
CVE-2016-10165 | 6 Canonical, Debian, Littlecms and 3 more | 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | |||||
CVE-2017-5202 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||||
CVE-2017-5035 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | |||||
CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-6888 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | |||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
CVE-2017-6011 | 3 Debian, Icoutils Project, Redhat | 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | |||||
CVE-2017-5040 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. | |||||
CVE-2016-6338 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | |||||
CVE-2016-7060 | 1 Redhat | 1 Quickstart Cloud Installer | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
CVE-2016-9675 | 2 Redhat, Uclouvain | 5 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Big Endian and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. | |||||
CVE-2017-3308 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2024-02-28 | 4.0 MEDIUM | 7.7 HIGH |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
CVE-2017-3073 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-8309 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |||||
CVE-2017-3464 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
CVE-2016-6835 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-02-28 | 2.1 LOW | 6.0 MEDIUM |
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. | |||||
CVE-2016-9636 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. |