Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Linux
Total 249 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5981 3 Fedoraproject, Gnu, Redhat 3 Fedora, Gnutls, Linux 2024-11-21 N/A 5.9 MEDIUM
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVE-2023-3430 2 Openimageio, Redhat 2 Openimageio, Linux 2024-11-21 N/A 7.5 HIGH
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
CVE-2021-23827 4 Apple, Keybase, Microsoft and 1 more 4 Macos, Keybase, Windows and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
CVE-2021-20567 2 Ibm, Redhat 2 Resilient Security Orchestration Automation And Response, Linux 2024-11-21 2.1 LOW 4.4 MEDIUM
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.
CVE-2021-20566 2 Ibm, Redhat 2 Resilient Security Orchestration Automation And Response, Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238.
CVE-2019-4579 2 Ibm, Redhat 2 Resilient Security Orchestration Automation And Response, Linux 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
CVE-2019-4533 2 Ibm, Redhat 2 Resilient Security Orchestration Automation And Response, Linux 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589.
CVE-2019-0223 2 Apache, Redhat 11 Qpid, Enterprise Linux Desktop, Enterprise Linux Eus and 8 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
CVE-2018-7110 2 Hpe, Redhat 2 Service Governance Framework, Linux 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.
CVE-2018-20346 5 Debian, Google, Opensuse and 2 more 5 Debian Linux, Chrome, Leap and 2 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CVE-2018-1041 2 Jboss, Redhat 3 Jboss-remoting, Jboss Enterprise Application Platform, Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
CVE-2018-17962 6 Canonical, Debian, Oracle and 3 more 6 Ubuntu Linux, Debian Linux, Linux and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-14657 1 Redhat 3 Keycloak, Linux, Single Sign-on 2024-11-21 4.3 MEDIUM 8.1 HIGH
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
CVE-2018-14655 1 Redhat 3 Keycloak, Linux, Single Sign-on 2024-11-21 3.5 LOW 4.6 MEDIUM
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.
CVE-2018-10864 1 Redhat 2 Certification, Linux 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.
CVE-2016-3699 2 Linux, Redhat 3 Linux Kernel, Enterprise Mrg, Linux 2024-11-21 6.9 MEDIUM 7.4 HIGH
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
CVE-2014-3250 3 Apache, Puppet, Redhat 3 Http Server, Puppet, Linux 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
CVE-2009-0714 5 Hp, Microsoft, Novell and 2 more 5 Data Protector Express, Windows, Netware and 2 more 2024-11-21 7.2 HIGH N/A
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
CVE-2008-6560 1 Redhat 3 Cman, Fedora, Linux 2024-11-21 7.8 HIGH N/A
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.
CVE-2008-2427 4 Freebsd, Microsoft, Pagesperso-orange and 1 more 6 Freebsd, Windows Nt, Gfl Sdk and 3 more 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.