Filtered by vendor Redhat
Total: 5605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||
CVE-2019-17531 | 5 Debian, Fasterxml, Netapp and 2 more | 23 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 20 more | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. | |||||
CVE-2019-8689 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2019-16994 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. | |||||
CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | |||||
CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | |||||
CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | |||||
CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2024-02-28 | 2.1 LOW | 2.4 LOW |
gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | |||||
CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | |||||
CVE-2019-11135 | 9 Canonical, Debian, Fedoraproject and 6 more | 304 Ubuntu Linux, Debian Linux, Fedora and 301 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | |||||
CVE-2019-11745 | 6 Canonical, Debian, Mozilla and 3 more | 23 Ubuntu Linux, Debian Linux, Firefox and 20 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
CVE-2019-13761 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
CVE-2019-14815 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Altavault, Baseboard Management Controller and 15 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. | |||||
CVE-2020-1704 | 1 Redhat | 1 Openshift Service Mesh | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2024-02-28 | 1.9 LOW | 3.3 LOW |
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. |