Filtered by vendor Redhat
Subscribe
Total
5605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14464 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). | |||||
| CVE-2019-8672 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2018-9090 | 1 Redhat | 1 Tectonic | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. | |||||
| CVE-2019-16789 | 5 Agendaless, Debian, Fedoraproject and 2 more | 5 Waitress, Debian Linux, Fedora and 2 more | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | |||||
| CVE-2019-17016 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
| CVE-2019-13728 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | |||||
| CVE-2019-13745 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | |||||
| CVE-2019-19066 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. | |||||
| CVE-2015-5201 | 1 Redhat | 2 Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | |||||
| CVE-2018-14881 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). | |||||
| CVE-2014-8140 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2018-10854 | 2 Linux, Redhat | 2 Linux Kernel, Cloudforms Management Engine | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field. | |||||
| CVE-2019-3834 | 1 Redhat | 1 Jboss Operations Network | 2024-02-28 | 6.8 MEDIUM | 7.3 HIGH |
| It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. | |||||
| CVE-2019-19340 | 1 Redhat | 2 Ansible Tower, Enterprise Linux | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. | |||||
| CVE-2019-3866 | 1 Redhat | 2 Openstack, Openstack-mistral | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. | |||||