Filtered by vendor Redhat
Subscribe
Search
Total
4673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6495 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Portal | 2019-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBossWeb Bayeux has reflected XSS | |||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2019-12-13 | 5.5 MEDIUM | 8.1 HIGH |
| OpenShift cartridge allows remote URL retrieval | |||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2019-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | |||||
| CVE-2011-2515 | 3 Debian, Packagekit Project, Redhat | 3 Debian Linux, Packagekit, Enterprise Linux Server | 2019-12-11 | 4.6 MEDIUM | 5.3 MEDIUM |
| PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | |||||
| CVE-2011-3609 | 1 Redhat | 1 Jboss Application Server | 2019-12-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker. | |||||
| CVE-2011-3606 | 1 Redhat | 1 Jboss Application Server | 2019-12-11 | 3.5 LOW | 5.4 MEDIUM |
| A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution. | |||||
| CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2019-12-11 | 3.5 LOW | 5.4 MEDIUM |
| Katello has multiple XSS issues in various entities | |||||
| CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2019-12-11 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | |||||
| CVE-2019-14845 | 1 Redhat | 1 Openshift | 2019-12-11 | 2.9 LOW | 5.3 MEDIUM |
| A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. | |||||
| CVE-2014-3656 | 1 Redhat | 1 Jboss Keycloak | 2019-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBoss KeyCloak: XSS in login-status-iframe.html | |||||
| CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2019-12-10 | 3.3 LOW | 6.5 MEDIUM |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | |||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2019-12-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2019-12-04 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
| CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2019-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| libuser has information disclosure when moving user's home directory | |||||
| CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2019-12-04 | 3.3 LOW | 6.3 MEDIUM |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | |||||
| CVE-2018-10854 | 2 Linux, Redhat | 2 Linux Kernel, Cloudforms Management Engine | 2019-12-04 | 3.5 LOW | 5.4 MEDIUM |
| cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field. | |||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | |||||
| CVE-2012-0877 | 2 Python, Redhat | 3 Pyxml, Enterprise Linux, Enterprise Virtualization Hypervisor | 2019-12-03 | 7.8 HIGH | 7.5 HIGH |
| PyXML: Hash table collisions CPU usage Denial of Service | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2019-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2019-10223 | 3 Kubernetes, Linux, Redhat | 3 Kube-state-metrics, Linux Kernel, Openshift Container Platform | 2019-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. | |||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
| CVE-2014-0084 | 1 Redhat | 1 Openshift Origin | 2019-11-25 | 2.1 LOW | 5.5 MEDIUM |
| Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | |||||
| CVE-2014-3585 | 1 Redhat | 2 Enterprise Linux, Redhat-upgrade-tool | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | |||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2019-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| cumin: At installation postgresql database user created without password | |||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2019-11-25 | 3.3 LOW | 4.7 MEDIUM |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | |||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | |||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle before 2.2.2 has users' private files included in course backups | |||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 6.4 MEDIUM | 8.2 HIGH |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | |||||
| CVE-2011-4967 | 2 Openpegasus, Redhat | 2 Tog-pegasus, Enterprise Linux | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| tog-Pegasus has a package hash collision DoS vulnerability | |||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2019-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
| CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2019-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2019-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2019-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2019-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2019-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | |||||
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2019-11-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | |||||
| CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter. | |||||
| CVE-2014-3592 | 1 Redhat | 1 Openshift Origin | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenShift Origin: Improperly validated team names could allow stored XSS attacks | |||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2019-11-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | |||||
| CVE-2013-1820 | 2 Fedoraproject, Redhat | 2 Fedora, Tuned | 2019-11-14 | 4.7 MEDIUM | 5.5 MEDIUM |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | |||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
| CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2019-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | |||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||