Filtered by vendor Redhat
Total: 5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0059 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2016-09-30 | 2.1 LOW | N/A |
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2016-09-22 | 7.2 HIGH | 8.4 HIGH |
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | |||||
CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2016-09-22 | 2.1 LOW | 8.4 HIGH |
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | |||||
CVE-2000-0322 | 1 Redhat | 1 Linux | 2016-09-16 | 10.0 HIGH | N/A |
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. | |||||
CVE-2016-5422 | 1 Redhat | 1 Jboss Operations Network | 2016-09-08 | 6.5 MEDIUM | 8.8 HIGH |
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. | |||||
CVE-2016-6345 | 1 Redhat | 1 Resteasy | 2016-09-08 | 4.0 MEDIUM | 6.5 MEDIUM |
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | |||||
CVE-2014-3188 | 2 Google, Redhat | 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more | 2016-09-07 | 10.0 HIGH | N/A |
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | |||||
CVE-2014-7300 | 2 Gnome, Redhat | 5 Gnome-shell, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-08-31 | 7.2 HIGH | N/A |
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | |||||
CVE-2016-5383 | 1 Redhat | 1 Cloudforms | 2016-08-26 | 6.5 MEDIUM | 8.8 HIGH |
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | |||||
CVE-2012-5689 | 3 Canonical, Isc, Redhat | 8 Ubuntu Linux, Bind, Enterprise Linux Desktop and 5 more | 2016-08-19 | 7.1 HIGH | N/A |
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | |||||
CVE-2015-1843 | 1 Redhat | 1 Docker | 2016-07-25 | 4.3 MEDIUM | N/A |
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | |||||
CVE-2015-1814 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 7.5 HIGH | N/A |
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | |||||
CVE-2015-1812 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. | |||||
CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 3.5 LOW | N/A |
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||||
CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 3.5 LOW | N/A |
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | |||||
CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 6.5 MEDIUM | N/A |
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
CVE-2015-1813 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. | |||||
CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.6 MEDIUM | N/A |
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | |||||
CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 7.5 HIGH | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2016-06-09 | 9.0 HIGH | 8.8 HIGH |
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. |