Filtered by vendor Redhat
Subscribe
Total
486 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3585 | 1 Redhat | 2 Enterprise Linux, Redhat-upgrade-tool | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | |||||
CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
CVE-2019-10212 | 2 Netapp, Redhat | 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more | 2023-12-10 | 4.3 MEDIUM | 9.8 CRITICAL |
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. | |||||
CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
CVE-2019-18805 | 5 Broadcom, Linux, Netapp and 2 more | 22 Fabric Operating System, Linux Kernel, Active Iq Unified Manager and 19 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | |||||
CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | |||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
cumin: At installation postgresql database user created without password | |||||
CVE-2013-2167 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Python-keystoneclient, Openstack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | |||||
CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | |||||
CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||
CVE-2014-4657 | 1 Redhat | 1 Ansible | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |||||
CVE-2019-14892 | 3 Apache, Fasterxml, Redhat | 8 Geode, Jackson-databind, Decision Manager and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | |||||
CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 10 Fedora, Openslp, Enterprise Linux Desktop and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | |||||
CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | |||||
CVE-2019-11234 | 4 Canonical, Fedoraproject, Freeradius and 1 more | 4 Ubuntu Linux, Fedora, Freeradius and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | |||||
CVE-2019-12450 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | |||||
CVE-2019-9788 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
CVE-2019-1003029 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | |||||
CVE-2019-0160 | 4 Fedoraproject, Opensuse, Redhat and 1 more | 8 Fedora, Leap, Enterprise Linux and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | |||||
CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. |