Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-16 | 2.1 LOW | N/A |
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2009-4139 | 1 Redhat | 2 Network Satellite Server, Spacewalk-java | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges. | |||||
CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2017-08-16 | 4.6 MEDIUM | N/A |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | |||||
CVE-2009-0788 | 1 Redhat | 1 Network Satellite Server | 2017-08-16 | 6.4 MEDIUM | N/A |
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. | |||||
CVE-2008-6560 | 1 Redhat | 3 Cman, Fedora, Linux | 2017-08-16 | 7.8 HIGH | N/A |
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. | |||||
CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2017-08-16 | 5.0 MEDIUM | N/A |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | |||||
CVE-2009-0180 | 2 Nfs, Redhat | 2 Nfs-utils, Fedora | 2017-08-07 | 7.5 HIGH | N/A |
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | |||||
CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2017-08-07 | 6.0 MEDIUM | N/A |
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | |||||
CVE-2008-4192 | 1 Redhat | 1 Cman | 2017-08-07 | 6.9 MEDIUM | N/A |
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | |||||
CVE-2008-3844 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Enterprise Linux Desktop | 2017-08-07 | 9.3 HIGH | N/A |
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. | |||||
CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2017-08-07 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
CVE-2008-3252 | 2 Fedora, Redhat | 2 Newsx, Fedora | 2017-08-07 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. | |||||
CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-07 | 4.3 MEDIUM | N/A |
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | |||||
CVE-2008-3522 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Virtualization | 2017-08-07 | 10.0 HIGH | N/A |
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | |||||
CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2017-08-07 | 4.7 MEDIUM | N/A |
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | |||||
CVE-2008-1796 | 2 Comix, Redhat | 2 Comix, Fedora | 2017-08-07 | 4.9 MEDIUM | N/A |
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | |||||
CVE-2008-2112 | 3 Novell, Redhat, Sun | 4 Suse Linux Enterprise Server, Enterprise Linux, Ray Server Software and 1 more | 2017-08-07 | 8.5 HIGH | N/A |
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | |||||
CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2017-08-07 | 7.2 HIGH | N/A |
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | |||||
CVE-2008-2367 | 1 Redhat | 1 Certificate System | 2017-08-07 | 2.1 LOW | N/A |
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. | |||||
CVE-2008-2368 | 1 Redhat | 1 Certificate System | 2017-08-07 | 2.1 LOW | N/A |
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. |