Filtered by vendor Redhat
Subscribe
Total
5761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4397 | 2 Feep, Redhat | 2 Libtar, Enterprise Linux | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-6117 | 1 Redhat | 1 Cloudforms Cloud Engine | 2025-04-11 | 2.1 LOW | N/A |
| Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. | |||||
| CVE-2012-0042 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-11 | 2.9 LOW | N/A |
| Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. | |||||
| CVE-2013-0375 | 4 Canonical, Mariadb, Oracle and 1 more | 7 Ubuntu Linux, Mariadb, Mysql and 4 more | 2025-04-11 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | |||||
| CVE-2014-1869 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). | |||||
| CVE-2011-0720 | 2 Plone, Redhat | 3 Plone, Conga, Luci | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. | |||||
| CVE-2012-0787 | 2 Augeas, Redhat | 2 Augeas, Enterprise Linux | 2025-04-11 | 3.7 LOW | N/A |
| The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option. | |||||
| CVE-2009-2696 | 2 Apache, Redhat | 4 Tomcat, Desktop Workstation, Enterprise Linux and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781. | |||||
| CVE-2010-1439 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Rhn-client-tools and 1 more | 2025-04-11 | 3.6 LOW | N/A |
| yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. | |||||
| CVE-2012-3411 | 2 Redhat, Thekelleys | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. | |||||
| CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 3 Enterprise Linux, Ruby, Rubygems | 2025-04-11 | 4.3 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | |||||
| CVE-2012-5516 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 2.1 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-5647 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. | |||||
| CVE-2013-0200 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
| HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. | |||||
| CVE-2013-4854 | 10 Fedoraproject, Freebsd, Hp and 7 more | 12 Fedora, Freebsd, Hp-ux and 9 more | 2025-04-11 | 7.8 HIGH | N/A |
| The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | |||||
| CVE-2013-2555 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2025-04-11 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. | |||||
| CVE-2012-2038 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2012-2125 | 3 Canonical, Redhat, Rubygems | 3 Ubuntu Linux, Openshift, Rubygems | 2025-04-11 | 5.8 MEDIUM | N/A |
| RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | |||||
| CVE-2011-2927 | 1 Redhat | 2 Network Satellite, Spacewalk | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms. | |||||