Filtered by vendor Redhat
Subscribe
Total
5605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2222 | 1 Redhat | 2 389 Directory Server, Directory Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | |||||
CVE-2018-14469 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). | |||||
CVE-2019-13726 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
CVE-2019-13747 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Android and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-10214 | 5 Buildah Project, Libpod Project, Opensuse and 2 more | 6 Buildah, Libpod, Leap and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens. | |||||
CVE-2014-3592 | 1 Redhat | 1 Openshift Origin | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenShift Origin: Improperly validated team names could allow stored XSS attacks | |||||
CVE-2019-10212 | 2 Netapp, Redhat | 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more | 2024-02-28 | 4.3 MEDIUM | 9.8 CRITICAL |
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. | |||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
cumin: At installation postgresql database user created without password | |||||
CVE-2019-13742 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Iphone Os, Debian Linux, Fedora and 5 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-02-28 | 2.1 LOW | 3.3 LOW |
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | |||||
CVE-2019-10174 | 3 Infinispan, Netapp, Redhat | 8 Infinispan, Active Iq Unified Manager, Enterprise Linux and 5 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. | |||||
CVE-2009-4067 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. | |||||
CVE-2014-3585 | 1 Redhat | 2 Enterprise Linux, Redhat-upgrade-tool | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | |||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
mcollective has a default password set at install | |||||
CVE-2019-11255 | 2 Kubernetes, Redhat | 4 External-provisioner, External-resizer, External-snapshotter and 1 more | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | |||||
CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | |||||
CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
CVE-2019-10222 | 3 Ceph, Fedoraproject, Redhat | 3 Ceph, Fedora, Ceph Storage | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | |||||
CVE-2019-19341 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. | |||||
CVE-2019-13725 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |