Filtered by vendor Redhat
Subscribe
Total
5605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13727 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
CVE-2019-19012 | 4 Debian, Fedoraproject, Oniguruma Project and 1 more | 4 Debian Linux, Fedora, Oniguruma and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. | |||||
CVE-2013-2103 | 1 Redhat | 1 Openshift | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
OpenShift cartridge allows remote URL retrieval | |||||
CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | |||||
CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | |||||
CVE-2019-14860 | 1 Redhat | 2 Fuse, Syndesis | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. | |||||
CVE-2019-2999 | 6 Canonical, Debian, Netapp and 3 more | 19 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 16 more | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2012-5562 | 1 Redhat | 1 Satellite | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | |||||
CVE-2020-0603 | 2 Microsoft, Redhat | 3 Asp.net Core, Enterprise Linux, Enterprise Linux Eus | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. | |||||
CVE-2019-2962 | 6 Canonical, Debian, Netapp and 3 more | 19 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 16 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2019-19072 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. | |||||
CVE-2019-17596 | 6 Arista, Debian, Fedoraproject and 3 more | 11 Cloudvision Portal, Eos, Mos and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | |||||
CVE-2010-0737 | 1 Redhat | 1 Jboss Operations Network | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | |||||
CVE-2019-13723 | 4 Fedoraproject, Google, Opensuse and 1 more | 6 Fedora, Chrome, Backports and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-11291 | 2 Redhat, Vmware | 2 Openstack, Rabbitmq | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. | |||||
CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | |||||
CVE-2011-2487 | 2 Apache, Redhat | 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | |||||
CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-02-28 | 2.6 LOW | 5.9 MEDIUM |
Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
CVE-2011-3585 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | |||||
CVE-2014-2686 | 1 Redhat | 1 Ansible | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Ansible prior to 1.5.4 mishandles the evaluation of some strings. |