Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6496 | 1 Redhat | 1 Conga | 2023-02-12 | 5.0 MEDIUM | N/A |
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. | |||||
CVE-2013-4345 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2023-02-12 | 5.8 MEDIUM | N/A |
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. | |||||
CVE-2013-4296 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2023-02-12 | 4.0 MEDIUM | N/A |
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. | |||||
CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
CVE-2013-4405 | 1 Redhat | 1 Enterprise Mrg | 2023-02-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. | |||||
CVE-2013-4166 | 2 Gnome, Redhat | 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | |||||
CVE-2013-4236 | 1 Redhat | 1 Enterprise Virtualization | 2023-02-12 | 2.7 LOW | N/A |
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | |||||
CVE-2013-2165 | 1 Redhat | 8 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 5 more | 2023-02-12 | 7.5 HIGH | N/A |
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. | |||||
CVE-2013-4386 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | |||||
CVE-2013-1896 | 4 Apache, Canonical, Opensuse and 1 more | 10 Http Server, Ubuntu Linux, Opensuse and 7 more | 2023-02-12 | 4.3 MEDIUM | N/A |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. | |||||
CVE-2013-1855 | 2 Redhat, Rubyonrails | 3 Enterprise Linux, Rails, Ruby On Rails | 2023-02-12 | 4.3 MEDIUM | N/A |
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. | |||||
CVE-2013-4235 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Shadow, Fedora and 1 more | 2023-02-12 | 3.3 LOW | 4.7 MEDIUM |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | |||||
CVE-2013-2015 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-02-12 | 4.7 MEDIUM | N/A |
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. | |||||
CVE-2013-0185 | 1 Redhat | 1 Manageiq Enterprise Virtualization Manager | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
CVE-2013-0165 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | 7.3 HIGH |
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | |||||
CVE-2013-0186 | 1 Redhat | 2 Cloudforms, Manageiq Enterprise Virtualization Manager | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | |||||
CVE-2012-5629 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2023-02-12 | 7.5 HIGH | N/A |
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. | |||||
CVE-2012-4423 | 1 Redhat | 1 Libvirt | 2023-02-12 | 5.0 MEDIUM | N/A |
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. |