Total
249 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5981 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Linux | 2024-09-16 | N/A | 5.9 MEDIUM |
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | |||||
CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2024-08-01 | 10.0 HIGH | 9.8 CRITICAL |
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
CVE-2023-3430 | 2 Openimageio, Redhat | 2 Openimageio, Linux | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | |||||
CVE-2021-20567 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. | |||||
CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | |||||
CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker. | |||||
CVE-2019-4579 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. | |||||
CVE-2019-4533 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589. | |||||
CVE-2019-0223 | 2 Apache, Redhat | 11 Qpid, Enterprise Linux Desktop, Enterprise Linux Eus and 8 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. | |||||
CVE-2018-10864 | 1 Redhat | 2 Certification, Linux | 2024-02-28 | 5.0 MEDIUM | 6.2 MEDIUM |
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. | |||||
CVE-2018-20346 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | |||||
CVE-2018-17962 | 6 Canonical, Debian, Oracle and 3 more | 6 Ubuntu Linux, Debian Linux, Linux and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | |||||
CVE-2018-7110 | 2 Hpe, Redhat | 2 Service Governance Framework, Linux | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler. | |||||
CVE-2018-14655 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. | |||||
CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
CVE-2018-1041 | 2 Jboss, Redhat | 3 Jboss-remoting, Jboss Enterprise Application Platform, Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | |||||
CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
CVE-2016-3699 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Mrg, Linux | 2024-02-28 | 6.9 MEDIUM | 7.4 HIGH |
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | |||||
CVE-2009-0714 | 5 Hp, Microsoft, Novell and 2 more | 5 Data Protector Express, Windows, Netware and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | |||||
CVE-2008-6560 | 1 Redhat | 3 Cman, Fedora, Linux | 2024-02-28 | 7.8 HIGH | N/A |
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. |