Filtered by vendor Redhat
Subscribe
Total
5572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2019-11-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | |||||
| CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2019-11-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | |||||
| CVE-2018-8945 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. | |||||
| CVE-2018-7643 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-31 | 6.8 MEDIUM | 7.8 HIGH |
| The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. | |||||
| CVE-2018-7569 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | |||||
| CVE-2018-7568 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | |||||
| CVE-2018-7208 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-31 | 6.8 MEDIUM | 7.8 HIGH |
| In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. | |||||
| CVE-2019-14858 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2019-10-24 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. | |||||
| CVE-2018-14665 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2019-10-22 | 7.2 HIGH | 6.6 MEDIUM |
| A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | |||||
| CVE-2019-3834 | 1 Redhat | 1 Jboss Operations Network | 2019-10-10 | 6.8 MEDIUM | 7.3 HIGH |
| It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. | |||||
| CVE-2019-3890 | 2 Gnome, Redhat | 2 Evolution-ews, Enterprise Linux | 2019-10-09 | 5.8 MEDIUM | 8.1 HIGH |
| It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. | |||||
| CVE-2019-3875 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 5.8 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle. | |||||
| CVE-2019-3872 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | |||||
| CVE-2019-3825 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Gnome Display Manager, Enterprise Linux | 2019-10-09 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | |||||
| CVE-2019-14826 | 2 Freeipa, Redhat | 2 Freeipa, Enterprise Linux | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. | |||||
| CVE-2019-10157 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. | |||||
| CVE-2018-5379 | 5 Canonical, Debian, Quagga and 2 more | 10 Ubuntu Linux, Debian Linux, Quagga and 7 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. | |||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | |||||
| CVE-2018-1656 | 3 Ibm, Oracle, Redhat | 6 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 3 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | |||||
| CVE-2018-1517 | 2 Ibm, Redhat | 5 Software Development Kit, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | |||||