Filtered by vendor Redhat
Subscribe
Total
5769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5614 | 3 Mariadb, Oracle, Redhat | 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
|
|||||
| CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
|
|||||
| CVE-2012-3177 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
|
|||||
| CVE-2012-4290 | 4 Opensuse, Redhat, Sun and 1 more | 4 Opensuse, Enterprise Linux, Sunos and 1 more | 2025-04-11 | 3.3 LOW | N/A |
|
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
|
|||||
| CVE-2013-0791 | 4 Canonical, Mozilla, Oracle and 1 more | 12 Ubuntu Linux, Firefox, Network Security Services and 9 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
|
|||||
| CVE-2013-0780 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
|
|||||
| CVE-2013-0772 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
|
|||||
| CVE-2012-1689 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux Desktop and 3 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
|||||
| CVE-2012-2333 | 2 Openssl, Redhat | 2 Openssl, Openssl | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
|
|||||
| CVE-2012-2735 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2025-04-11 | 4.9 MEDIUM | N/A |
|
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
|
|||||
| CVE-2012-4184 | 4 Canonical, Mozilla, Redhat and 1 more | 12 Ubuntu Linux, Firefox, Seamonkey and 9 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.
|
|||||
| CVE-2013-1872 | 4 Canonical, Mesa3d, Opensuse and 1 more | 4 Ubuntu Linux, Mesa, Opensuse and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
|
|||||
| CVE-2013-0218 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2025-04-11 | 2.1 LOW | N/A |
|
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
|
|||||
| CVE-2011-0532 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2025-04-11 | 6.2 MEDIUM | N/A |
|
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
|
|||||
| CVE-2012-1149 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Openoffice.org, Debian Linux, Fedora and 7 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2013-5364 | 2 Redhat, Secunia | 2 Enterprise Linux, Csi Agent | 2025-04-11 | 3.6 LOW | N/A |
|
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.
|
|||||
| CVE-2010-4251 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Linux, Esx | 2025-04-11 | 7.8 HIGH | 7.5 HIGH |
|
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
|
|||||
| CVE-2012-3422 | 1 Redhat | 1 Icedtea-web | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
|
|||||
| CVE-2010-0430 | 1 Redhat | 1 Enterprise Virtualization Hypervisor | 2025-04-11 | 7.4 HIGH | N/A |
|
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
|
|||||
| CVE-2012-5604 | 1 Redhat | 1 Cloudforms | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
|
|||||
| CVE-2013-0164 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-11 | 3.6 LOW | N/A |
|
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
|
|||||
| CVE-2012-2679 | 1 Redhat | 1 Rhncfg | 2025-04-11 | 2.1 LOW | N/A |
|
Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file.
|
|||||
| CVE-2012-3427 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 2.1 LOW | N/A |
|
EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.
|
|||||
| CVE-2011-0706 | 2 Redhat, Sun | 2 Icedtea-web, Jdk | 2025-04-11 | 7.5 HIGH | N/A |
|
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
|
|||||
| CVE-2013-1913 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
|
|||||
| CVE-2011-3206 | 2 Redhat, Rhq-project | 2 Jboss Operations Network, Rhq | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-1416 | 4 Fedoraproject, Mit, Opensuse and 1 more | 8 Fedora, Kerberos 5, Opensuse and 5 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
|
|||||
| CVE-2013-5651 | 1 Redhat | 1 Libvirt | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
|
|||||
| CVE-2013-0241 | 3 Canonical, Qxl Graphics Driver Project, Redhat | 5 Ubuntu Linux, Xf86-video-qxl, Enterprise Linux Desktop and 2 more | 2025-04-11 | 2.1 LOW | N/A |
|
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-2834 | 4 Apple, Debian, Google and 1 more | 8 Iphone Os, Mac Os X, Debian Linux and 5 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
|
|||||
| CVE-2012-5622 | 1 Redhat | 1 Openshift | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
|
|||||
| CVE-2010-1439 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Rhn-client-tools and 1 more | 2025-04-11 | 3.6 LOW | N/A |
|
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
|
|||||
| CVE-2012-4215 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2011-3589 | 1 Redhat | 1 Kexec-tools | 2025-04-11 | 5.7 MEDIUM | N/A |
|
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
|
|||||
| CVE-2012-2124 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-11 | 5.0 MEDIUM | N/A |
|
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
|
|||||
| CVE-2012-1106 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2025-04-11 | 1.9 LOW | N/A |
|
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
|
|||||
| CVE-2013-4181 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-3083 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | 4.3 MEDIUM | N/A |
|
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
|
|||||
| CVE-2012-6538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
|
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
|
|||||
| CVE-2012-0574 | 4 Canonical, Mariadb, Oracle and 1 more | 7 Ubuntu Linux, Mariadb, Mysql and 4 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
|
|||||