Filtered by vendor Redhat
Subscribe
Total
5572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6662 | 2 Jqueryui, Redhat | 5 Jquery Ui, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2018-07-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | |||||
| CVE-2013-4209 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2018-06-13 | 2.1 LOW | 3.3 LOW |
| Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | |||||
| CVE-2013-2049 | 1 Redhat | 1 Cloudforms Management Engine | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | |||||
| CVE-2013-2233 | 1 Redhat | 1 Ansible | 2018-06-07 | 5.8 MEDIUM | 7.4 HIGH |
| Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | |||||
| CVE-2015-3246 | 1 Redhat | 1 Libuser | 2018-05-20 | 7.2 HIGH | N/A |
| libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. | |||||
| CVE-2012-5604 | 1 Redhat | 1 Cloudforms | 2018-05-12 | 4.3 MEDIUM | N/A |
| The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2016-0793 | 2 Microsoft, Redhat | 2 Windows, Jboss Wildfly Application Server | 2018-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | |||||
| CVE-2004-0902 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2018-05-03 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | |||||
| CVE-2004-0077 | 4 Linux, Netwosix, Redhat and 1 more | 7 Linux Kernel, Netwosix Linux, Bigmem Kernel and 4 more | 2018-05-03 | 7.2 HIGH | N/A |
| The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | |||||
| CVE-2003-0962 | 4 Andrew Tridgell, Engardelinux, Redhat and 1 more | 5 Rsync, Secure Community, Secure Linux and 2 more | 2018-05-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. | |||||
| CVE-2003-0688 | 6 Compaq, Freebsd, Openbsd and 3 more | 6 Tru64, Freebsd, Openbsd and 3 more | 2018-05-03 | 5.0 MEDIUM | N/A |
| The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. | |||||
| CVE-2003-0686 | 2 Dave Airlie, Redhat | 2 Pam Smb, Pam Smb | 2018-05-03 | 7.5 HIGH | N/A |
| Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0464 | 1 Redhat | 1 Linux | 2018-05-03 | 4.6 MEDIUM | N/A |
| The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. | |||||
| CVE-2003-0442 | 2 Php, Redhat | 2 Php, Linux | 2018-05-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. | |||||
| CVE-2001-0886 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2018-05-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. | |||||
| CVE-2001-0872 | 3 Openbsd, Redhat, Suse | 3 Openssh, Linux, Suse Linux | 2018-05-03 | 7.2 HIGH | N/A |
| OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. | |||||
| CVE-2001-0869 | 3 Caldera, Redhat, Suse | 5 Openlinux Eserver, Openlinux Workstation, Linux and 2 more | 2018-05-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0852 | 1 Redhat | 1 Linux | 2018-05-03 | 5.0 MEDIUM | N/A |
| TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header. | |||||
| CVE-2000-0867 | 5 Debian, Mandrakesoft, Redhat and 2 more | 5 Debian Linux, Mandrake Linux, Linux and 2 more | 2018-05-03 | 7.2 HIGH | N/A |
| Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||||
| CVE-2000-0666 | 5 Conectiva, Debian, Redhat and 2 more | 5 Linux, Debian Linux, Linux and 2 more | 2018-05-03 | 10.0 HIGH | N/A |
| rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. | |||||