Filtered by vendor Redhat
Subscribe
Total
5619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3538 | 1 Redhat | 1 Cloudforms | 2024-02-28 | 3.3 LOW | N/A |
| Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. | |||||
| CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 4.0 MEDIUM | N/A |
| The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||
| CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2024-02-28 | 5.4 MEDIUM | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | |||||
| CVE-2012-6545 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 1.9 LOW | N/A |
| The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||||
| CVE-2012-3160 | 5 Canonical, Debian, Mariadb and 2 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2024-02-28 | 2.1 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. | |||||
| CVE-2012-3369 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2024-02-28 | 4.0 MEDIUM | N/A |
| The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. | |||||
| CVE-2013-1521 | 3 Mariadb, Oracle, Redhat | 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. | |||||
| CVE-2012-3163 | 6 Canonical, Debian, F5 and 3 more | 21 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 18 more | 2024-02-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | |||||
| CVE-2013-4373 | 1 Redhat | 1 Jboss Operations Network | 2024-02-28 | 3.2 LOW | N/A |
| The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | |||||
| CVE-2013-1773 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-02-28 | 6.2 MEDIUM | N/A |
| Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. | |||||
| CVE-2013-4342 | 2 Redhat, Xinetd | 2 Enterprise Linux, Xinetd | 2024-02-28 | 7.6 HIGH | N/A |
| xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. | |||||
| CVE-2013-1591 | 2 Palemoon, Redhat | 3 Pale Moon, Enterprise Linux, Enterprise Virtualization | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. | |||||
| CVE-2010-0013 | 6 Adium, Fedoraproject, Opensuse and 3 more | 7 Adium, Fedora, Opensuse and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. | |||||
| CVE-2009-3556 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 1.9 LOW | N/A |
| A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | |||||
| CVE-2010-0428 | 1 Redhat | 2 Enterprise Virtualization, Qspice | 2024-02-28 | 6.6 MEDIUM | N/A |
| libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2010-4238 | 3 Citrix, Linux, Redhat | 3 Xen, Linux Kernel, Enterprise Linux | 2024-02-28 | 5.5 MEDIUM | N/A |
| The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4622 | 1 Redhat | 1 Kvm | 2024-02-28 | 4.9 MEDIUM | N/A |
| The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. | |||||
| CVE-2011-2821 | 4 Apple, Debian, Google and 1 more | 8 Iphone Os, Mac Os X, Debian Linux and 5 more | 2024-02-28 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | |||||
| CVE-2011-4346 | 1 Redhat | 2 Enterprise Linux, Satellite | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. | |||||
| CVE-2010-0435 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2024-02-28 | 4.6 MEDIUM | N/A |
| The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | |||||