Filtered by vendor Redhat
Subscribe
Total
5620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4913 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-02-28 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. | |||||
| CVE-2015-5273 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2024-02-28 | 3.6 LOW | N/A |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2024-02-28 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||
| CVE-2016-4993 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2016-1683 | 7 Canonical, Debian, Google and 4 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2015-7498 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | |||||
| CVE-2016-1696 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2016-3097 | 1 Redhat | 1 Satellite | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | |||||
| CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
| CVE-2015-3411 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | |||||
| CVE-2016-4148 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||||
| CVE-2015-0284 | 1 Redhat | 2 Satellite, Spacewalk-java | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811. | |||||
| CVE-2015-5295 | 4 Fedoraproject, Openstack, Oracle and 1 more | 4 Fedora, Orchestration Api, Solaris and 1 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | |||||
| CVE-2016-1699 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. | |||||
| CVE-2016-1695 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-4154 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-5392 | 1 Redhat | 1 Openshift | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. | |||||
| CVE-2016-0616 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2024-02-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2016-1000007 | 1 Redhat | 1 Pagure | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pagure 2.2.1 XSS in raw file endpoint | |||||