Filtered by vendor Redhat
Total: 5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4364 | 1 Redhat | 1 Openshift | 2018-02-01 | 7.2 HIGH | 7.8 HIGH |
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | |||||
CVE-2014-0121 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | |||||
CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2018-01-11 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | |||||
CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2018-01-10 | 2.1 LOW | 5.5 MEDIUM |
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | |||||
CVE-2013-2186 | 2 Redhat, Ubuntu | 5 Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Web Server and 2 more | 2018-01-08 | 7.5 HIGH | N/A |
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | |||||
CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||||
CVE-2016-7033 | 1 Redhat | 1 Jboss Bpm Suite | 2018-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9635 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond the initialized buffer. | |||||
CVE-2016-9636 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. | |||||
CVE-2016-7545 | 3 Fedoraproject, Redhat, Selinux Project | 7 Fedora, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2018-01-04 | 7.2 HIGH | 8.8 HIGH |
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||||
CVE-2016-9634 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | |||||
CVE-2016-6344 | 1 Redhat | 1 Jboss Bpm Suite | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | |||||
CVE-2015-1818 | 1 Redhat | 1 Jboss Bpm Suite | 2018-01-04 | 7.5 HIGH | N/A |
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document. | |||||
CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | |||||
CVE-2015-3216 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2018-01-04 | 4.3 MEDIUM | N/A |
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. | |||||
CVE-2015-4147 | 3 Apple, Php, Redhat | 8 Mac Os X, Php, Enterprise Linux Desktop and 5 more | 2018-01-04 | 7.5 HIGH | N/A |
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. | |||||
CVE-2015-4148 | 3 Apple, Php, Redhat | 8 Mac Os X, Php, Enterprise Linux Desktop and 5 more | 2018-01-04 | 5.0 MEDIUM | N/A |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. | |||||
CVE-2015-4599 | 2 Php, Redhat | 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
CVE-2015-4600 | 2 Php, Redhat | 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. | |||||
CVE-2015-4601 | 2 Php, Redhat | 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. |