Filtered by vendor Redhat
Subscribe
Total
5619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4744 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2024-02-28 | 10.0 HIGH | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. | |||||
| CVE-2010-2598 | 1 Redhat | 1 Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | N/A |
| LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2024-02-28 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2010-3868 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2024-02-28 | 5.8 MEDIUM | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | |||||
| CVE-2008-1447 | 6 Canonical, Cisco, Debian and 3 more | 8 Ubuntu Linux, Ios, Debian Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | 6.8 MEDIUM |
| The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." | |||||
| CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | |||||
| CVE-2008-5422 | 3 Novell, Redhat, Sun | 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
| Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | |||||
| CVE-2008-1423 | 2 Redhat, Xiph.org | 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis | 2024-02-28 | 9.3 HIGH | N/A |
| Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. | |||||
| CVE-2008-1615 | 2 Amd, Redhat | 3 Amd64, Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 4.9 MEDIUM | N/A |
| Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | |||||
| CVE-2009-1386 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
| ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | |||||
| CVE-2009-0714 | 5 Hp, Microsoft, Novell and 2 more | 5 Data Protector Express, Windows, Netware and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | |||||
| CVE-2008-3522 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Virtualization | 2024-02-28 | 10.0 HIGH | N/A |
| Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | |||||
| CVE-2009-0577 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2024-02-28 | 6.8 MEDIUM | N/A |
| Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640. | |||||
| CVE-2007-6282 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 7.1 HIGH | N/A |
| The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | |||||
| CVE-2009-3939 | 7 Avaya, Canonical, Debian and 4 more | 18 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 15 more | 2024-02-28 | 6.6 MEDIUM | 7.1 HIGH |
| The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | |||||
| CVE-2008-1292 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2024-02-28 | 4.3 MEDIUM | N/A |
| ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | |||||
| CVE-2008-3825 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 4.4 MEDIUM | N/A |
| pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. | |||||
| CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2024-02-28 | 7.2 HIGH | N/A |
| The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | |||||
| CVE-2008-1945 | 6 Canonical, Debian, Opensuse and 3 more | 9 Ubuntu Linux, Debian Linux, Opensuse and 6 more | 2024-02-28 | 2.1 LOW | N/A |
| QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | |||||
| CVE-2008-3270 | 1 Redhat | 1 Enterprise Linux | 2024-02-28 | 2.6 LOW | N/A |
| yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | |||||