Filtered by vendor Redhat
Subscribe
Total
5620 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4300 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | |||||
CVE-2013-7398 | 2 Async-http-client Project, Redhat | 2 Async-http-client, Jboss Fuse | 2024-02-28 | 4.3 MEDIUM | N/A |
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | |||||
CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 9 Content Security Management Appliance, Node.js, Openssl and 6 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | |||||
CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||||
CVE-2015-5229 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | |||||
CVE-2016-7862 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-2857 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-02-28 | 3.6 LOW | 8.4 HIGH |
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | |||||
CVE-2016-0793 | 2 Microsoft, Redhat | 2 Windows, Jboss Wildfly Application Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | |||||
CVE-2016-2149 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | |||||
CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |||||
CVE-2016-0695 | 2 Oracle, Redhat | 12 Jdk, Jre, Jrockit and 9 more | 2024-02-28 | 2.6 LOW | 5.9 MEDIUM |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | |||||
CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
CVE-2015-4861 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||||
CVE-2015-4148 | 3 Apple, Php, Redhat | 8 Mac Os X, Php, Enterprise Linux Desktop and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. | |||||
CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-02-28 | 2.1 LOW | 8.4 HIGH |
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | |||||
CVE-2015-5329 | 1 Redhat | 1 Openstack | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |||||
CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||||
CVE-2016-3708 | 1 Redhat | 1 Openshift | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. |