Redhat
5,679 CVEs • 537 products
Products (537)
CVEs (5,679)
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| | | | | | An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access se... |
| | | | | | It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized infor... |
| Debian, Fedoraproject, Redhat (3) | 389 Directory Server, Debian Linux, Enterprise Linux (3) | Nov 21, 2024 | Nov 8, 2019 | N/A (v4) · 6.5 MEDIUM (v3) · 3.5 LOW (v2) | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes,... |
| Ceph, Fedoraproject, Redhat (3) | Ceph, Ceph Storage, Fedora (3) | Nov 21, 2024 | Nov 8, 2019 | N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2) | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connectio... |
| Netapp, Oracle, Redhat (3) | Access Manager, Active Iq Unified Manager, Agile Engineering Data Management, +185 more (188) | Jul 7, 2025 | Nov 8, 2019 | N/A (v4) · 6.1 MEDIUM (v3) · 4.3 MEDIUM (v2) | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r... |
| Fedoraproject, Redhat (2) | Fedora, Tuned (2) | Nov 21, 2024 | Nov 8, 2019 | N/A (v4) · 5.5 MEDIUM (v3) · 4.7 MEDIUM (v2) | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. |
| Redhat (1) | Jboss Operations Network (1) | Nov 21, 2024 | Nov 8, 2019 | N/A (v4) · 6.5 MEDIUM (v3) · 4.0 MEDIUM (v2) | In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. |
| | | | | | frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in th... |
| Fedoraproject, Linux, Redhat (3) | Enterprise Linux, Fedora, Linux Kernel (3) | Nov 21, 2024 | Nov 7, 2019 | N/A (v4) · 5.5 MEDIUM (v3) · 4.9 MEDIUM (v2) | A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_para... |
| Broadcom, Linux, Netapp, +2 more (5) | Active Iq Unified Manager, Aff A400 Firmware, Aff A700s Firmware, +14 more (17) | Nov 21, 2024 | Nov 7, 2019 | N/A (v4) · 9.8 CRITICAL (v3) · 7.5 HIGH (v2) | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc... |
| Fedoraproject, Redhat (2) | Enterprise Linux, Fedora, Pagure (3) | Nov 21, 2024 | Nov 6, 2019 | N/A (v4) · 6.1 MEDIUM (v3) · 4.3 MEDIUM (v2) | Pagure: XSS possible in file attachment endpoint |
| Redhat (1) | Enterprise Linux, Enterprise Mrg (2) | Nov 21, 2024 | Nov 6, 2019 | N/A (v4) · 5.5 MEDIUM (v3) · 2.1 LOW (v2) | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to userspace. |
| Dovecot, Opensuse, Redhat (3) | Dovecot, Enterprise Linux, Leap, +1 more (4) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 3.3 LOW (v3) · 2.1 LOW (v2) | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. |
| Debian, Fedoraproject, Pypa, +2 more (5) | Debian Linux, Fedora, Openshift, +3 more (6) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 5.9 MEDIUM (v3) · 4.3 MEDIUM (v2) | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. |
| Redhat (1) | 389 Directory Server, Directory Server (2) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2) | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. |
| Isc, Nic, Nlnetlabs, +1 more (4) | Bind, Enterprise Linux, Knot Resolver, +1 more (4) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 5.9 MEDIUM (v3) · 2.6 LOW (v2) | Cache Poisoning issue exists in DNS Response Rate Limiting. |
| Debian, Nokogiri, Redhat (3) | Cloudforms Management Engine, Debian Linux, Enterprise Mrg, +4 more (7) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 6.5 MEDIUM (v3) · 4.3 MEDIUM (v2) | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits |
| Debian, Nokogiri, Redhat (3) | Cloudforms Management Engine, Debian Linux, Enterprise Mrg, +4 more (7) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 6.5 MEDIUM (v3) · 4.3 MEDIUM (v2) | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents |
| Debian, Gnome, Opensuse, +1 more (4) | Debian Linux, Enterprise Linux, Gnome Display Manager, +1 more (4) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 2.4 LOW (v3) · 2.1 LOW (v2) | gdm3 3.14.2 and possibly later has an information leak before screen lock |
| Kubernetes, Redhat (2) | Kube State Metrics, Openshift Container Platform (2) | Nov 21, 2024 | Nov 5, 2019 | N/A (v4) · 6.5 MEDIUM (v3) · 4.0 MEDIUM (v2) | A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-... |