Filtered by vendor Redhat
Subscriptions
Total
23068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8174 | 1 Redhat | 1 Edeploy | 2025-04-20 | N/A |
| eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | ||||
| CVE-2014-3498 | 1 Redhat | 1 Ansible | 2025-04-20 | N/A |
| The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2014-0146 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-20 | N/A |
| The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. | ||||
| CVE-2014-0145 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-20 | N/A |
| Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). | ||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | ||||
| CVE-2014-0121 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2025-04-20 | N/A |
| The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | ||||
| CVE-2014-0029 | 1 Redhat | 1 Subscription Asset Manager | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2013-4578 | 2 Oracle, Redhat | 5 Jdk, Jre, Enterprise Linux and 2 more | 2025-04-20 | N/A |
| jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | ||||
| CVE-2017-7506 | 2 Redhat, Spice Project | 2 Enterprise Linux, Spice | 2025-04-20 | N/A |
| spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | ||||
| CVE-2017-16939 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-20 | 7.8 High |
| The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. | ||||
| CVE-2017-16541 | 5 Apple, Debian, Linux and 2 more | 11 Macos, Debian Linux, Linux Kernel and 8 more | 2025-04-20 | 6.5 Medium |
| Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | ||||
| CVE-2017-1000405 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | 7.0 High |
| The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. | ||||
| CVE-2016-10158 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-20 | N/A |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | ||||
| CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | ||||
| CVE-2016-3107 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2025-04-20 | N/A |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | ||||
| CVE-2016-9445 | 2 Gstreamer Project, Redhat | 2 Gstreamer, Enterprise Linux | 2025-04-20 | 7.5 High |
| Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | ||||
| CVE-2014-8127 | 3 Libtiff, Opensuse, Redhat | 3 Libtiff, Opensuse, Enterprise Linux | 2025-04-20 | N/A |
| LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. | ||||
| CVE-2017-10384 | 5 Debian, Mariadb, Netapp and 2 more | 19 Debian Linux, Mariadb, Active Iq Unified Manager and 16 more | 2025-04-20 | 6.5 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2017-10379 | 5 Debian, Mariadb, Netapp and 2 more | 19 Debian Linux, Mariadb, Active Iq Unified Manager and 16 more | 2025-04-20 | 6.5 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2017-10378 | 5 Debian, Mariadb, Netapp and 2 more | 19 Debian Linux, Mariadb, Active Iq Unified Manager and 16 more | 2025-04-20 | 6.5 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||