Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4444 2 Redhat, Setroubleshoot Project 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more 2017-04-17 6.9 MEDIUM 7.0 HIGH
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
CVE-2008-7313 3 Nagios, Redhat, Snoopy 3 Nagios, Openstack, Snoopy 2017-04-04 7.5 HIGH 9.8 CRITICAL
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2014-5008 3 Debian, Redhat, Snoopy 3 Debian Linux, Openstack, Snoopy 2017-04-04 7.5 HIGH 9.8 CRITICAL
Snoopy allows remote attackers to execute arbitrary commands.
CVE-2014-4038 3 Ppc64-diag Project, Redhat, Suse 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server 2017-01-06 4.4 MEDIUM N/A
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
CVE-2014-4039 3 Ppc64-diag Project, Redhat, Suse 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server 2017-01-06 2.1 LOW N/A
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
CVE-2014-4615 3 Canonical, Openstack, Redhat 6 Ubuntu Linux, Neutron, Oslo and 3 more 2017-01-06 5.0 MEDIUM N/A
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
CVE-2014-0058 1 Redhat 1 Jboss Enterprise Application Platform 2017-01-06 1.9 LOW N/A
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
CVE-2014-0093 1 Redhat 1 Jboss Enterprise Application Platform 2017-01-06 5.8 MEDIUM N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
CVE-2014-0018 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2017-01-06 1.9 LOW N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
CVE-2015-1250 4 Canonical, Debian, Google and 1 more 7 Ubuntu Linux, Debian Linux, Chrome and 4 more 2017-01-02 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1243 4 Canonical, Debian, Google and 1 more 7 Ubuntu Linux, Debian Linux, Chrome and 4 more 2017-01-02 7.5 HIGH N/A
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVE-2014-7823 1 Redhat 1 Libvirt 2017-01-02 5.0 MEDIUM N/A
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
CVE-2014-7852 1 Redhat 1 Jboss Enterprise Portal Platform 2017-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
CVE-2014-8108 3 Apache, Apple, Redhat 6 Subversion, Xcode, Enterprise Linux Desktop and 3 more 2017-01-02 5.0 MEDIUM N/A
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
CVE-2014-3580 4 Apache, Apple, Debian and 1 more 8 Subversion, Xcode, Debian Linux and 5 more 2016-12-23 5.0 MEDIUM N/A
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
CVE-2015-4862 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2016-12-23 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-2775 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Mailman and 1 more 2016-12-23 7.6 HIGH N/A
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
CVE-2015-4890 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2016-12-23 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
CVE-2015-4800 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2016-12-23 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-4910 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2016-12-23 2.1 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.