Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-1000251 4Debian LinuxNvidia+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more May 13, 2026 Sep 12, 2017 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuratio...Show more The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.Show less
CVE-2015-3163 1Redhat 1Beaker May 13, 2026 Sep 6, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $B...Show more The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.Show less
CVE-2017-1000083 3Debian GnomeRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Sep 5, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with...Show more backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.Show less
CVE-2017-0902 4Canonical DebianRedhat+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more May 13, 2026 Aug 31, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-0901 4Canonical DebianRedhat+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more May 13, 2026 Aug 31, 2017 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-0900 3Debian RedhatRubygems 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Aug 31, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
CVE-2017-0899 3Debian RedhatRubygems 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Aug 31, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2017-14064 4Canonical DebianRedhat+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more May 13, 2026 Aug 31, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encou...Show more Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.Show less
CVE-2014-8163 1Redhat 1Satellite May 13, 2026 Aug 28, 2017 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2014-8168 1Redhat 1Satellite May 13, 2026 Aug 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.6 MEDIUM· v2 Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2014-0141 1Redhat 1Satellite May 13, 2026 Aug 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2015-5293 1Redhat 1Enterprise Virtualization Manager May 13, 2026 Aug 24, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to...Show more Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.Show less
CVE-2017-11610 4Debian FedoraprojectRedhat+1 more 4Cloudforms Debian LinuxFedora+1 more May 13, 2026 Aug 23, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nest...Show more The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.Show less
CVE-2017-5208 3Debian Icoutils ProjectRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Aug 22, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash)...Show more Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.Show less
CVE-2016-6311 1Redhat 1Jboss Enterprise Application Platform May 13, 2026 Aug 22, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
CVE-2016-6310 1Redhat 1Enterprise Virtualization May 13, 2026 Aug 22, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
CVE-2017-10661 3Debian LinuxRedhat 6Debian Linux Enterprise LinuxEnterprise Linux Aus+3 more May 13, 2026 Aug 19, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that le...Show more Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.Show less
CVE-2017-3106 2Adobe Redhat 5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+2 more May 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3085 2Adobe Redhat 5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+2 more May 13, 2026 Aug 11, 2017 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
CVE-2016-6796 6Apache CanonicalDebian+3 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+12 more May 13, 2026 Aug 11, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the...Show more A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.Show less

Previous 1...174175176...285 Next