Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-2103 1Redhat 1Openshift Nov 21, 2024 Dec 3, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 OpenShift cartridge allows remote URL retrieval
CVE-2013-2101 2Redhat Theforeman 2Katello Satellite Nov 21, 2024 Dec 3, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Katello has multiple XSS issues in various entities
CVE-2012-5562 1Redhat 1Satellite Apr 9, 2026 Dec 2, 2019 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authenticati...Show more A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.Show less
CVE-2019-19319 3Linux OpensuseRedhat 3Enterprise Linux LeapLinux Kernel Nov 21, 2024 Nov 27, 2019 N/A· v4 6.5 MEDIUM· v3 4.4 MEDIUM· v2 In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large o...Show more In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.Show less
CVE-2019-18660 5Canonical FedoraprojectLinux+2 more 5Enterprise Linux FedoraLeap+2 more Nov 21, 2024 Nov 27, 2019 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and...Show more The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.Show less
CVE-2011-2717 2Linux Redhat 2Dhcp6c Enterprise Linux Nov 21, 2024 Nov 27, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-2515 3Debian Packagekit ProjectRedhat 3Debian Linux Enterprise Linux ServerPackagekit Nov 21, 2024 Nov 27, 2019 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
CVE-2011-2207 3Debian GnupgRedhat 3Debian Linux Enterprise LinuxGnupg Nov 21, 2024 Nov 27, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
CVE-2012-6655 4Accountsservice Project DebianOpensuse+1 more 4Accountsservice Debian LinuxEnterprise Linux+1 more Nov 21, 2024 Nov 27, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
CVE-2019-19242 5Canonical OracleRedhat+2 more 5Enterprise Linux Mysql WorkbenchSinec Infrastructure Network Services+2 more Nov 21, 2024 Nov 27, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVE-2016-4980 3Ethz FedoraprojectRedhat 3Enterprise Linux FedoraXquest Nov 21, 2024 Nov 27, 2019 N/A· v4 2.5 LOW· v3 1.9 LOW· v2 A password generation weakness exists in xquest through 2016-06-13.
CVE-2019-10216 2Artifex Redhat 93scale Api Management Enterprise LinuxEnterprise Linux Desktop+6 more Nov 21, 2024 Nov 27, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially cra...Show more In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.Show less
CVE-2019-14896 5Canonical DebianFedoraproject+2 more 5Debian Linux Enterprise LinuxFedora+2 more Nov 21, 2024 Nov 27, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrar...Show more A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.Show less
CVE-2019-14842 1Redhat 1Libnbd Nov 21, 2024 Nov 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work...Show more Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.Show less
CVE-2019-14856 2Opensuse Redhat 4Ansible Backports SleLeap+1 more Nov 21, 2024 Nov 26, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
CVE-2019-14890 1Redhat 1Ansible Tower Nov 21, 2024 Nov 26, 2019 N/A· v4 8.4 HIGH· v3 2.1 LOW· v2 A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config'...Show more A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.Show less
CVE-2011-3632 3Debian Hardlink ProjectRedhat 3Debian Linux Enterprise LinuxHardlink Nov 21, 2024 Nov 26, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
CVE-2011-3631 3Debian Hardlink ProjectRedhat 3Debian Linux Enterprise LinuxHardlink Nov 21, 2024 Nov 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote att...Show more Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.Show less
CVE-2011-3630 3Debian Hardlink ProjectRedhat 3Debian Linux Enterprise LinuxHardlink Nov 21, 2024 Nov 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory...Show more Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.Show less
CVE-2011-3609 1Redhat 1Jboss Application Server Nov 21, 2024 Nov 26, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag)...Show more A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.Show less

Previous 1...848586...284 Next