Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 5630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5908 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2024-02-28 2.6 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
CVE-2012-2035 8 Adobe, Apple, Google and 5 more 13 Air, Flash Player, Macos and 10 more 2024-02-28 9.3 HIGH N/A
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2728 8 Adobe, Apple, Google and 5 more 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more 2024-02-28 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2012-1938 4 Mozilla, Opensuse, Redhat and 1 more 13 Firefox, Seamonkey, Thunderbird and 10 more 2024-02-28 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
CVE-2013-2389 3 Mariadb, Oracle, Redhat 6 Mariadb, Mysql, Enterprise Linux Desktop and 3 more 2024-02-28 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2013-2548 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2024-02-28 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-5605 1 Redhat 1 Cloudforms 2024-02-28 2.1 LOW N/A
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
CVE-2012-3459 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2024-02-28 4.9 MEDIUM N/A
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
CVE-2011-1182 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more 2024-02-28 3.6 LOW N/A
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
CVE-2011-3193 5 Canonical, Gnome, Opensuse and 2 more 8 Ubuntu Linux, Pango, Opensuse and 5 more 2024-02-28 9.3 HIGH N/A
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2012-4549 1 Redhat 1 Jboss Enterprise Application Platform 2024-02-28 5.8 MEDIUM N/A
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.
CVE-2012-4550 1 Redhat 1 Jboss Enterprise Application Platform 2024-02-28 6.4 MEDIUM N/A
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
CVE-2013-5618 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
CVE-2012-5516 1 Redhat 1 Enterprise Virtualization Manager 2024-02-28 2.1 LOW N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
CVE-2013-2174 4 Canonical, Haxx, Opensuse and 1 more 5 Ubuntu Linux, Curl, Libcurl and 2 more 2024-02-28 6.8 MEDIUM N/A
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
CVE-2013-0219 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2024-02-28 3.7 LOW N/A
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
CVE-2014-0402 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2024-02-28 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
CVE-2012-0067 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2024-02-28 4.3 MEDIUM N/A
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
CVE-2012-2679 1 Redhat 1 Rhncfg 2024-02-28 2.1 LOW N/A
Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file.
CVE-2012-5509 1 Redhat 1 Cloudforms Cloud Engine 2024-02-28 2.1 LOW N/A
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.