Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-7060 1Redhat 1Quickstart Cloud Installer May 13, 2026 Apr 14, 2017 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
CVE-2016-6489 3Canonical Nettle ProjectRedhat 6Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+3 more May 13, 2026 Apr 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2016-4455 1Redhat 5Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+2 more May 13, 2026 Apr 14, 2017 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information b...Show more The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.Show less
CVE-2016-4970 3Apache NettyRedhat 4Cassandra Jboss Data GridJboss Middleware Text Only Advisories+1 more May 13, 2026 Apr 13, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
CVE-2016-2104 1Redhat 1Satellite May 13, 2026 Apr 13, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) sear...Show more Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.Show less
CVE-2016-6348 1Redhat 1Resteasy May 13, 2026 Apr 12, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVE-2016-4459 1Redhat 2Enterprise Linux Mod Cluster May 13, 2026 Apr 12, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
CVE-2016-4989 2Redhat Setroubleshoot Project 5Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+2 more May 13, 2026 Apr 11, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath funct...Show more setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.Show less
CVE-2016-4446 2Redhat Setroubleshoot Project 5Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+2 more May 13, 2026 Apr 11, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
CVE-2016-4445 2Redhat Setroubleshoot Project 5Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+2 more May 13, 2026 Apr 11, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external comma...Show more The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.Show less
CVE-2016-4444 2Redhat Setroubleshoot Project 5Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+2 more May 13, 2026 Apr 11, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput f...Show more The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.Show less
CVE-2016-1908 4Debian OpenbsdOracle+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more May 29, 2026 Apr 11, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and...Show more The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.Show less
CVE-2016-5011 3Ibm KernelRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 13, 2026 Apr 11, 2017 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with a...Show more The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.Show less
CVE-2016-8735 6Apache CanonicalDebian+3 more 197 Mode Transition Tool Agile Engineering Data ManagementAgile Plm+16 more Apr 21, 2026 Apr 6, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX p...Show more Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.Show less
CVE-2014-5009 3Nagios RedhatSnoopy 3Nagios OpenstackSnoopy May 13, 2026 Mar 31, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2014-5008 3Debian RedhatSnoopy 3Debian Linux OpenstackSnoopy May 13, 2026 Mar 31, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Snoopy allows remote attackers to execute arbitrary commands.
CVE-2008-7313 3Nagios RedhatSnoopy 3Nagios OpenstackSnoopy May 13, 2026 Mar 31, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2017-5973 3Debian QemuRedhat 4Debian Linux OpenstackQemu+1 more May 13, 2026 Mar 27, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control tra...Show more The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.Show less
CVE-2016-7797 5Clusterlabs OpensuseOpensuse Project+2 more 7Enterprise Linux High Availability Enterprise Linux Resilient StorageLeap+4 more May 13, 2026 Mar 24, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2015-8896 3Imagemagick OracleRedhat 8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 more May 13, 2026 Mar 15, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

Previous 1...182183184...285 Next