Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5160 2Libvirt Redhat 10Enterprise Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Nov 21, 2024 Aug 20, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
CVE-2018-1000632 5Debian Dom4j ProjectNetapp+2 more 14Debian Linux Dom4jFlexcube Investor Servicing+11 more Nov 21, 2024 Aug 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection....Show more dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.Show less
CVE-2018-15473 7Canonical DebianNetapp+4 more 22Aff Baseboard Management Controller Cloud BackupClustered Data Ontap+19 more Dec 17, 2025 Aug 17, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c,...Show more OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.Show less
CVE-2018-10873 4Canonical DebianRedhat+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Aug 17, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send speci...Show more A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.Show less
CVE-2016-9598 2Redhat Xmlsoft 2Jboss Core Services Libxml2 Nov 21, 2024 Aug 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists beca...Show more libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.Show less
CVE-2016-9596 2Redhat Xmlsoft 2Jboss Core Services Libxml2 Nov 21, 2024 Aug 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists...Show more libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.Show less
CVE-2018-10864 1Redhat 1Certification Nov 21, 2024 Aug 13, 2018 N/A· v4 6.2 MEDIUM· v3 5.0 MEDIUM· v2 An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed...Show more An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.Show less
CVE-2017-15138 1Redhat 1Openshift Container Platform Nov 21, 2024 Aug 13, 2018 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
CVE-2018-10931 2Cobbler Project Redhat 2Cobbler Satellite Nov 21, 2024 Aug 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbi...Show more It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.Show less
CVE-2018-10915 4Canonical DebianPostgresql+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Aug 9, 2018 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" co...Show more A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.Show less
CVE-2018-10908 2Ovirt Redhat 2Vdsm Virtualization Nov 21, 2024 Aug 9, 2018 N/A· v4 6.3 MEDIUM· v3 7.1 HIGH· v2 It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amo...Show more It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.Show less
CVE-2018-5390 8A10networks CanonicalCisco+5 more 38Advanced Core Operating System Aruba Airwave AmpAruba Clearpass Policy Manager+35 more Jun 17, 2026 Aug 6, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-1336 4Apache CanonicalDebian+1 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Aug 2, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5...Show more An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.Show less
CVE-2015-9262 4Canonical DebianRedhat+1 more 7Ansible Tower Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Aug 1, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVE-2018-10897 2Redhat Rpm 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Aug 1, 2018 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy file...Show more A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.Show less
CVE-2018-10894 1Redhat 2Keycloak Single Sign On Nov 21, 2024 Aug 1, 2018 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
CVE-2016-9583 3Jasper Project OracleRedhat 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+5 more Nov 21, 2024 Aug 1, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-8609 1Redhat 1Keycloak Nov 21, 2024 Aug 1, 2018 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to...Show more It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.Show less
CVE-2016-9579 1Redhat 6Ceph Storage Ceph Storage MonCeph Storage Osd+3 more Nov 21, 2024 Aug 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of se...Show more A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.Show less
CVE-2016-8654 3Debian Jasper ProjectRedhat 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Aug 1, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

Previous 1...137138139...285 Next