Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3552 1 Redhat 1 Enterprise Virtualization Manager 2019-11-12 2.9 LOW 3.1 LOW
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
CVE-2013-5123 5 Debian, Fedoraproject, Pypa and 2 more 6 Debian Linux, Fedora, Pip and 3 more 2019-11-12 4.3 MEDIUM 5.9 MEDIUM
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVE-2013-4409 3 Fedoraproject, Redhat, Reviewboard 4 Fedora, Enterprise Linux, Djblets and 1 more 2019-11-08 7.5 HIGH 9.8 CRITICAL
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVE-2013-5661 4 Isc, Nic, Nlnetlabs and 1 more 4 Bind, Knot Resolver, Nsd and 1 more 2019-11-08 2.6 LOW 5.9 MEDIUM
Cache Poisoning issue exists in DNS Response Rate Limiting.
CVE-2013-4251 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2019-11-08 4.6 MEDIUM 7.8 HIGH
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
CVE-2010-2222 1 Redhat 2 389 Directory Server, Directory Server 2019-11-08 5.0 MEDIUM 7.5 HIGH
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
CVE-2016-1000037 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Pagure 2019-11-08 4.3 MEDIUM 6.1 MEDIUM
Pagure: XSS possible in file attachment endpoint
CVE-2013-4374 1 Redhat 2 Jboss Operations Network, Rhq Mongo Db Drift Server 2019-11-08 3.6 LOW 7.1 HIGH
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
CVE-2016-4983 3 Dovecot, Opensuse, Redhat 4 Dovecot, Leap, Opensuse and 1 more 2019-11-08 2.1 LOW 3.3 LOW
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
CVE-2017-5333 5 Canonical, Debian, Icoutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more 2019-11-07 6.8 MEDIUM 7.8 HIGH
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
CVE-2013-2255 3 Debian, Openstack, Redhat 4 Debian Linux, Compute, Keystone and 1 more 2019-11-07 4.3 MEDIUM 5.9 MEDIUM
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVE-2018-5742 2 Isc, Redhat 2 Bind, Enterprise Linux 2019-11-07 4.3 MEDIUM 7.5 HIGH
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.
CVE-2019-6470 3 Isc, Opensuse, Redhat 6 Bind, Dhcpd, Leap and 3 more 2019-11-06 5.0 MEDIUM 7.5 HIGH
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
CVE-2018-1000095 1 Redhat 1 Ovirt-engine 2019-11-06 3.5 LOW 4.8 MEDIUM
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
CVE-2018-1074 2 Ovirt, Redhat 2 Ovirt, Enterprise Virtualization 2019-11-06 4.0 MEDIUM 7.2 HIGH
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
CVE-2016-3077 1 Redhat 1 Ovirt-engine 2019-11-06 4.0 MEDIUM 6.5 MEDIUM
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
CVE-2017-5332 5 Canonical, Debian, Icoutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more 2019-11-06 6.8 MEDIUM 7.8 HIGH
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVE-2013-4280 1 Redhat 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager 2019-11-06 2.1 LOW 5.5 MEDIUM
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
CVE-2014-3649 1 Redhat 1 Jboss Aerogear 2019-11-06 4.3 MEDIUM 6.1 MEDIUM
JBoss AeroGear has reflected XSS via the password field
CVE-2013-4751 3 Fedoraproject, Redhat, Sensiolabs 3 Fedora, Enterprise Linux, Symfony 2019-11-06 4.9 MEDIUM 8.1 HIGH
php-symfony2-Validator has loss of information during serialization