Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3940 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. | |||||
CVE-2011-2925 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 4.6 MEDIUM | N/A |
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | |||||
CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | |||||
CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
CVE-2012-1090 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||||
CVE-2019-11478 | 5 Canonical, F5, Linux and 2 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | |||||
CVE-2012-2681 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 5.8 MEDIUM | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | |||||
CVE-2012-2680 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 5.0 MEDIUM | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." | |||||
CVE-2012-2685 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 4.0 MEDIUM | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | |||||
CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.8 MEDIUM | N/A |
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-2684 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. | |||||
CVE-2012-3459 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 4.9 MEDIUM | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. | |||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
cumin: At installation postgresql database user created without password | |||||
CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
CVE-2020-12826 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2021-07-15 | 4.4 MEDIUM | 5.3 MEDIUM |
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | |||||
CVE-2020-1749 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | |||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
CVE-2013-2164 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | N/A |
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. | |||||
CVE-2013-2548 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2021-07-15 | 2.1 LOW | N/A |
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. | |||||
CVE-2017-15128 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). |