Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0029 | 1 Redhat | 1 Subscription Asset Manager | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2017-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||||
CVE-2014-7813 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2017-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols. | |||||
CVE-2016-4300 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | |||||
CVE-2016-4302 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. | |||||
CVE-2015-0250 | 3 Apache, Canonical, Redhat | 3 Batik, Ubuntu Linux, Jboss Enterprise Brms Platform | 2017-11-03 | 6.4 MEDIUM | N/A |
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | |||||
CVE-2016-3737 | 1 Redhat | 1 Jboss Operations Network | 2017-11-02 | 9.0 HIGH | 9.8 CRITICAL |
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | |||||
CVE-2000-1134 | 7 Caldera, Conectiva, Hp and 4 more | 9 Openlinux, Openlinux Edesktop, Openlinux Eserver and 6 more | 2017-10-18 | 7.2 HIGH | N/A |
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||||
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2017-10-18 | 2.1 LOW | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||
CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2017-10-10 | 2.1 LOW | N/A |
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||
CVE-2007-1859 | 2 Redhat, Xscreensaver | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2017-10-10 | 4.6 MEDIUM | N/A |
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | |||||
CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2017-10-10 | 2.1 LOW | N/A |
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||
CVE-2007-3104 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-10 | 4.9 MEDIUM | N/A |
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. | |||||
CVE-2007-3374 | 1 Redhat | 1 Cluster Suite | 2017-10-10 | 4.6 MEDIUM | N/A |
Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. | |||||
CVE-2007-3379 | 1 Redhat | 2 Enterprise Linux, Linux | 2017-10-10 | 2.1 LOW | N/A |
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. | |||||
CVE-2007-0771 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-10 | 4.9 MEDIUM | N/A |
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | |||||
CVE-2006-4342 | 1 Redhat | 1 Enterprise Linux | 2017-10-10 | 4.0 MEDIUM | N/A |
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked. | |||||
CVE-2006-3813 | 1 Redhat | 1 Enterprise Linux | 2017-10-10 | 2.1 LOW | N/A |
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. | |||||
CVE-2006-7226 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-10 | 4.3 MEDIUM | N/A |
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | |||||
CVE-2006-7176 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2017-10-10 | 4.3 MEDIUM | N/A |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. |