Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0062 5 Debian, Freebsd, Gnu and 2 more 5 Debian Linux, Freebsd, Ncurses and 2 more 2023-03-03 7.2 HIGH N/A
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
CVE-2022-0480 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2023-03-03 N/A 5.5 MEDIUM
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
CVE-2015-7559 2 Apache, Redhat 3 Activemq, Jboss A-mq, Jboss Fuse 2023-03-03 4.0 MEDIUM 2.7 LOW
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
CVE-2019-3884 1 Redhat 1 Openshift 2023-03-03 5.0 MEDIUM 5.4 MEDIUM
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVE-2014-8183 2 Redhat, Theforeman 2 Satellite, Foreman 2023-03-03 6.5 MEDIUM 7.4 HIGH
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
CVE-2023-0044 2 Quarkus, Redhat 2 Quarkus, Build Of Quarkus 2023-03-03 N/A 6.1 MEDIUM
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CVE-2022-2873 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2023-03-02 N/A 5.5 MEDIUM
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CVE-2022-1652 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, H300s and 10 more 2023-03-01 7.2 HIGH 7.8 HIGH
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2022-3675 1 Redhat 1 Fedora Coreos 2023-03-01 N/A 5.5 MEDIUM
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
CVE-2018-20662 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2018-8905 4 Canonical, Debian, Libtiff and 1 more 6 Ubuntu Linux, Debian Linux, Libtiff and 3 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-10998 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
CVE-2018-19107 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVE-2018-14599 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2023-03-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVE-2019-19921 5 Canonical, Debian, Linuxfoundation and 2 more 5 Ubuntu Linux, Debian Linux, Runc and 2 more 2023-03-01 4.4 MEDIUM 7.0 HIGH
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CVE-2019-3889 1 Redhat 1 Openshift Container Platform 2023-03-01 3.5 LOW 5.4 MEDIUM
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link.
CVE-2019-10194 2 Ovirt, Redhat 2 Ovirt, Virtualization Manager 2023-03-01 2.1 LOW 5.5 MEDIUM
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVE-2021-4204 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, H300s and 10 more 2023-03-01 N/A 7.1 HIGH
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
CVE-2022-0918 2 Port389, Redhat 2 389-ds-base, Enterprise Linux 2023-03-01 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.