Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0298 1Redhat 1Mod Cluster May 6, 2026 Aug 24, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
CVE-2015-1819 8Apple CanonicalDebian+5 more 12Debian Linux Enterprise LinuxFedora+9 more May 6, 2026 Aug 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2015-5165 7Arista DebianFedoraproject+4 more 24Debian Linux Enterprise Linux Compute Node EusEnterprise Linux Desktop+21 more May 6, 2026 Aug 12, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-3908 1Redhat 1Ansible May 6, 2026 Aug 12, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SS...Show more Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2015-1867 2Clusterlabs Redhat 3Enterprise Linux High Availability Enterprise Linux Resilient StoragePacemaker May 6, 2026 Aug 12, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
CVE-2015-5176 1Redhat 1Jboss Portal May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a reques...Show more The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.Show less
CVE-2015-3267 1Redhat 1Jboss Operations Network May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-3246 1Redhat 1Libuser May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) b...Show more libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.Show less
CVE-2015-3245 1Redhat 1Libuser May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc...Show more Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.Show less
CVE-2015-1818 1Redhat 1Jboss Bpm Suite May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitr...Show more XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.Show less
CVE-2015-4495 6Canonical MozillaOpensuse+3 more 15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 more Apr 22, 2026 Aug 8, 2015 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vector...Show more The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.Show less
CVE-2015-3636 4Canonical DebianLinux+1 more 4Debian Linux Enterprise LinuxLinux Kernel+1 more May 6, 2026 Aug 6, 2015 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of...Show more The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.Show less
CVE-2015-1289 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1288 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestio...Show more The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.Show less
CVE-2015-1287 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remo...Show more Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.Show less
CVE-2015-1286 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject...Show more Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."Show less
CVE-2015-1285 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for r...Show more The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.Show less
CVE-2015-1284 3Google OpensuseRedhat 5Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+2 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to c...Show more The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.Show less
CVE-2015-1282 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified oth...Show more Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.Show less
CVE-2015-1281 4Debian GoogleOpensuse+1 more 7Chrome Debian LinuxEnterprise Linux Desktop Supplementary+4 more May 6, 2026 Jul 23, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restric...Show more core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.Show less

Previous 1...205206207...284 Next