Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4374 1Redhat 2Jboss Operations Network Rhq Mongo Db Drift Server Nov 21, 2024 Nov 4, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
CVE-2017-5333 5Canonical DebianIcoutils Project+2 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more Nov 21, 2024 Nov 4, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafte...Show more Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.Show less
CVE-2017-5332 5Canonical DebianIcoutils Project+2 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more Nov 21, 2024 Nov 4, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a...Show more The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.Show less
CVE-2015-8980 4Fedoraproject OpensusePhp Gettext Project+1 more 4Enterprise Linux FedoraLeap+1 more Nov 21, 2024 Nov 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2013-4409 3Fedoraproject RedhatReviewboard 4Djblets Enterprise LinuxFedora+1 more Nov 21, 2024 Nov 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVE-2013-4251 4Debian FedoraprojectRedhat+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 Nov 4, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
CVE-2013-4280 1Redhat 3Enterprise Virtualization StorageVirtual Desktop Server Manager Nov 21, 2024 Nov 4, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
CVE-2005-4890 3Debian RedhatSudo Project 4Debian Linux Enterprise LinuxShadow+1 more Nov 21, 2024 Nov 4, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into...Show more There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.Show less
CVE-2014-3649 1Redhat 1Jboss Aerogear Nov 21, 2024 Nov 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JBoss AeroGear has reflected XSS via the password field
CVE-2013-4518 1Redhat 1Update Infrastructure Nov 21, 2024 Nov 4, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
CVE-2013-4423 1Redhat 1Cloudforms Nov 21, 2024 Nov 4, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 CloudForms stores user passwords in recoverable format
CVE-2019-6470 3Isc OpensuseRedhat 19Dhcpd Enterprise LinuxEnterprise Linux Desktop+16 more Apr 11, 2025 Nov 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but t...Show more There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.Show less
CVE-2013-2255 3Debian OpenstackRedhat 4Compute Debian LinuxKeystone+1 more Nov 21, 2024 Nov 1, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVE-2013-0186 1Redhat 2Cloudforms Manageiq Enterprise Virtualization Manager Nov 21, 2024 Nov 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0165 1Redhat 1Openshift Nov 21, 2024 Nov 1, 2019 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2011-3923 2Apache Redhat 2Jboss Enterprise Web Server Struts Nov 21, 2024 Nov 1, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVE-2013-4751 3Fedoraproject RedhatSensiolabs 3Enterprise Linux FedoraSymfony Nov 21, 2024 Nov 1, 2019 N/A· v4 8.1 HIGH· v3 4.9 MEDIUM· v2 php-symfony2-Validator has loss of information during serialization
CVE-2013-3718 4Debian GnomeOpensuse+1 more 4Debian Linux Enterprise LinuxEvince+1 more Nov 21, 2024 Nov 1, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 evince is missing a check on number of pages which can lead to a segmentation fault
CVE-2019-5010 4Debian OpensusePython+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Eus+4 more Nov 21, 2024 Oct 31, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial o...Show more An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.Show less
CVE-2010-2783 1Redhat 1Icedtea6 Nov 21, 2024 Oct 31, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

Previous 1...899091...284 Next