Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0923 | 1 Redhat | 1 Redhat Package Manager | 2017-12-18 | 7.2 HIGH | N/A |
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. | |||||
CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-12-18 | 7.5 HIGH | N/A |
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||||
CVE-2001-0496 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2017-12-18 | 4.6 MEDIUM | N/A |
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | |||||
CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2017-12-18 | 2.1 LOW | N/A |
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2017-12-18 | 5.0 MEDIUM | N/A |
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | |||||
CVE-2000-0531 | 2 Caldera, Redhat | 3 Openlinux, Openlinux Eserver, Linux | 2017-12-18 | 2.1 LOW | N/A |
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. | |||||
CVE-2001-1013 | 1 Redhat | 1 Linux | 2017-12-18 | 5.0 MEDIUM | N/A |
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | |||||
CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2017-12-18 | 7.2 HIGH | N/A |
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
CVE-2014-0086 | 1 Redhat | 2 Jboss Web Framework Kit, Richfaces | 2017-12-15 | 4.3 MEDIUM | N/A |
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests. | |||||
CVE-2016-4993 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2016-5406 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2017-12-14 | 6.5 MEDIUM | 8.8 HIGH |
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | |||||
CVE-2016-6311 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | |||||
CVE-2016-7046 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-12-14 | 7.1 HIGH | 5.9 MEDIUM |
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | |||||
CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2017-12-08 | 4.3 MEDIUM | 5.9 MEDIUM |
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||
CVE-2013-2219 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2017-11-17 | 4.0 MEDIUM | N/A |
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. | |||||
CVE-2013-3734 | 1 Redhat | 1 Jboss Application Server | 2017-11-17 | 6.0 MEDIUM | 6.6 MEDIUM |
** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console. | |||||
CVE-2015-4170 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Compute Node Eus, Enterprise Linux For Ibm Z Systems Eus and 3 more | 2017-11-11 | 4.7 MEDIUM | 4.7 MEDIUM |
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. | |||||
CVE-2010-1871 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2017-11-09 | 6.8 MEDIUM | N/A |
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured. | |||||
CVE-2015-5164 | 2 Pulpproject, Redhat | 2 Qpid, Satellite | 2017-11-08 | 9.0 HIGH | 7.2 HIGH |
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp. | |||||
CVE-2014-3702 | 1 Redhat | 1 Edeploy | 2017-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter. |