Filtered by vendor Redhat
Subscribe
Total
486 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3690 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | |||||
CVE-2017-5204 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | |||||
CVE-2017-7504 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | |||||
CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 9 Debian Linux, Openssh, Linux and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | |||||
CVE-2017-7503 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | |||||
CVE-2016-9634 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | |||||
CVE-2016-9636 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. | |||||
CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
CVE-2017-5203 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | |||||
CVE-2014-5009 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | |||||
CVE-2017-5205 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | |||||
CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2016-9635 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. | |||||
CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Snoopy allows remote attackers to execute arbitrary commands. | |||||
CVE-2017-5202 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||||
CVE-2017-5929 | 2 Qos, Redhat | 3 Logback, Satellite, Satellite Capsule | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. | |||||
CVE-2017-5645 | 4 Apache, Netapp, Oracle and 1 more | 79 Log4j, Oncommand Api Services, Oncommand Insight and 76 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | |||||
CVE-2014-8241 | 2 Redhat, Tigervnc | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | |||||
CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | |||||
CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |