Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2699 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. | |||||
CVE-2011-2689 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-02-12 | 4.9 MEDIUM | N/A |
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space. | |||||
CVE-2011-2189 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. | |||||
CVE-2011-2178 | 1 Redhat | 1 Libvirt | 2023-02-12 | 4.4 MEDIUM | N/A |
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. | |||||
CVE-2010-4251 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Linux, Esx | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. | |||||
CVE-2010-4265 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Remoting | 2023-02-12 | 2.6 LOW | N/A |
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. | |||||
CVE-2010-4179 | 1 Redhat | 1 Enterprise Mrg | 2023-02-12 | 7.5 HIGH | N/A |
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. | |||||
CVE-2010-4526 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Mrg, Esx | 2023-02-12 | 7.1 HIGH | N/A |
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | |||||
CVE-2010-4238 | 3 Citrix, Linux, Redhat | 3 Xen, Linux Kernel, Enterprise Linux | 2023-02-12 | 5.5 MEDIUM | N/A |
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-4351 | 2 Redhat, Sun | 2 Icedtea, Openjdk | 2023-02-12 | 6.8 MEDIUM | N/A |
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | |||||
CVE-2010-3881 | 3 Linux, Redhat, Suse | 6 Linux Kernel, Enterprise Linux Server, Enterprise Linux Workstation and 3 more | 2023-02-12 | 2.1 LOW | N/A |
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. | |||||
CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2023-02-12 | 6.4 MEDIUM | N/A |
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||
CVE-2010-1429 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-02-12 | 5.0 MEDIUM | N/A |
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. | |||||
CVE-2010-0738 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-02-12 | 5.0 MEDIUM | N/A |
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | |||||
CVE-2010-0435 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2023-02-12 | 4.6 MEDIUM | N/A |
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | |||||
CVE-2012-0860 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-02-12 | 6.2 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | |||||
CVE-2012-0818 | 1 Redhat | 1 Resteasy | 2023-02-12 | 5.0 MEDIUM | N/A |
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. | |||||
CVE-2012-0067 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2023-02-12 | 4.3 MEDIUM | N/A |
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. | |||||
CVE-2011-4930 | 3 Condor Project, Fedoraproject, Redhat | 3 Condor, Fedora, Enterprise Mrg | 2023-02-12 | 4.4 MEDIUM | N/A |
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. | |||||
CVE-2011-4600 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2023-02-12 | 4.3 MEDIUM | 5.9 MEDIUM |
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. |