Filtered by vendor Redhat
Subscribe
Total
5572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0665 | 3 Canonical, Oracle, Redhat | 3 Ubuntu Linux, Mysql, Enterprise Linux | 2019-04-22 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. | |||||
| CVE-2014-8177 | 1 Redhat | 4 Enterprise Linux, Gluster Storage Management Console, Gluster Storage Server and 1 more | 2019-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. | |||||
| CVE-2008-3277 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2019-04-22 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. | |||||
| CVE-2013-0281 | 2 Clusterlabs, Redhat | 2 Pacemaker, Enterprise Linux | 2019-04-22 | 4.3 MEDIUM | N/A |
| Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). | |||||
| CVE-2015-3307 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. | |||||
| CVE-2011-4734 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. | |||||
| CVE-2011-4726 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files. | |||||
| CVE-2013-2174 | 4 Canonical, Haxx, Opensuse and 1 more | 5 Ubuntu Linux, Curl, Libcurl and 2 more | 2019-04-22 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. | |||||
| CVE-2015-2783 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 5.8 MEDIUM | N/A |
| ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. | |||||
| CVE-2011-4747 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 5.0 MEDIUM | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list. | |||||
| CVE-2013-4485 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2019-04-22 | 4.0 MEDIUM | N/A |
| 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | |||||
| CVE-2011-4739 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 10.0 HIGH | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. | |||||
| CVE-2011-4735 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files. | |||||
| CVE-2013-2188 | 1 Redhat | 1 Enterprise Linux | 2019-04-22 | 4.7 MEDIUM | N/A |
| A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only. | |||||
| CVE-2015-3900 | 4 Oracle, Redhat, Ruby-lang and 1 more | 4 Solaris, Enterprise Linux, Ruby and 1 more | 2019-04-22 | 5.0 MEDIUM | N/A |
| RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | |||||
| CVE-2015-4598 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 7.5 HIGH | 6.5 MEDIUM |
| PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. | |||||
| CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 3 Enterprise Linux, Ruby, Rubygems | 2019-04-22 | 4.3 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | |||||
| CVE-2016-0607 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2019-04-22 | 2.8 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. | |||||
| CVE-2015-9262 | 4 Canonical, Debian, Redhat and 1 more | 7 Ubuntu Linux, Debian Linux, Ansible Tower and 4 more | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | |||||
| CVE-2014-8114 | 1 Redhat | 1 Uberfire | 2019-04-12 | 6.8 MEDIUM | N/A |
| The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet. | |||||