Filtered by vendor Redhat
Subscribe
Total
5769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 3 Pacemaker, Enterprise Linux High Availability, Enterprise Linux Resilient Storage | 2025-04-12 | 7.5 HIGH | N/A |
|
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
|
|||||
| CVE-2014-3194 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2014-3602 | 1 Redhat | 1 Openshift | 2025-04-12 | 2.1 LOW | N/A |
|
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
|
|||||
| CVE-2015-5304 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 3.5 LOW | N/A |
|
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2014-3676 | 1 Redhat | 1 Shim | 2025-04-12 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
|
|||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
|
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
|
|||||
| CVE-2016-1714 | 3 Oracle, Qemu, Redhat | 3 Linux, Qemu, Openstack | 2025-04-12 | 6.9 MEDIUM | 8.1 HIGH |
|
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
|
|||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
|
|||||
| CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
|
|||||
| CVE-2014-8175 | 1 Redhat | 1 Jboss Fuse | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
|
|||||
| CVE-2014-0086 | 1 Redhat | 2 Jboss Web Framework Kit, Richfaces | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
|
|||||
| CVE-2016-7857 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2015-5188 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
|
|||||
| CVE-2014-9322 | 6 Canonical, Google, Linux and 3 more | 6 Ubuntu Linux, Android, Linux Kernel and 3 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
|
|||||
| CVE-2015-5234 | 3 Fedoraproject, Opensuse, Redhat | 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
|
|||||
| CVE-2015-1273 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
|
|||||
| CVE-2014-7812 | 2 Redhat, Suse | 3 Satellite, Spacewalk, Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
|
|||||
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
|
|||||
| CVE-2016-0504 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
|
|||||
| CVE-2014-2432 | 3 Mariadb, Oracle, Redhat | 9 Mariadb, Mysql, Solaris and 6 more | 2025-04-12 | 2.8 LOW | N/A |
|
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
|
|||||
| CVE-2014-9273 | 3 Debian, Opensuse, Redhat | 6 Hivex, Opensuse, Enterprise Linux Desktop and 3 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
|
|||||
| CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
|
|||||
| CVE-2014-0101 | 4 Canonical, F5, Linux and 1 more | 27 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 24 more | 2025-04-12 | 7.8 HIGH | N/A |
|
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
|
|||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-4132 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
|
|||||
| CVE-2015-1243 | 4 Canonical, Debian, Google and 1 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
|
|||||
| CVE-2014-8964 | 6 Fedoraproject, Mariadb, Opensuse and 3 more | 11 Fedora, Mariadb, Opensuse and 8 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
|
|||||
| CVE-2014-0186 | 1 Redhat | 1 Enterprise Linux | 2025-04-12 | 5.0 MEDIUM | N/A |
|
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
|
|||||
| CVE-2016-7031 | 2 Ceph Project, Redhat | 2 Ceph, Ceph Storage | 2025-04-12 | 4.3 MEDIUM | 7.5 HIGH |
|
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
|
|||||
| CVE-2015-1842 | 1 Redhat | 1 Openstack | 2025-04-12 | 10.0 HIGH | N/A |
|
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
|
|||||
| CVE-2015-5318 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
|
|||||
| CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 20 Fedora, Filezilla Server, Mariadb and 17 more | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|
|||||
| CVE-2014-0078 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
|
|||||
| CVE-2014-5177 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2025-04-12 | 1.2 LOW | N/A |
|
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virSto ...
Show More |
|||||
| CVE-2016-7065 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
|
|||||
| CVE-2014-9623 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
|
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
|
|||||
| CVE-2014-0176 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-7942 | 5 Canonical, Chromium, Google and 2 more | 8 Ubuntu Linux, Chromium, Chrome and 5 more | 2025-04-12 | 7.5 HIGH | N/A |
|
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2016-0363 | 3 Ibm, Novell, Redhat | 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing th ...
Show More |
|||||
| CVE-2016-4152 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
|
|||||