Filtered by vendor Redhat
Subscribe
Total
1662 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4861 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||||
CVE-2015-4864 | 4 Canonical, Mariadb, Oracle and 1 more | 10 Ubuntu Linux, Mariadb, Mysql and 7 more | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | |||||
CVE-2015-3247 | 2 Redhat, Spice Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. | |||||
CVE-2015-5220 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. | |||||
CVE-2015-1841 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 3.7 LOW | N/A |
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | |||||
CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 7.5 HIGH | N/A |
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | |||||
CVE-2015-2643 | 6 Canonical, Debian, Mariadb and 3 more | 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 3.5 LOW | N/A |
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | |||||
CVE-2015-5123 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
CVE-2015-3330 | 4 Apple, Oracle, Php and 1 more | 11 Mac Os X, Linux, Solaris and 8 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." | |||||
CVE-2015-5317 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 5.0 MEDIUM | N/A |
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | |||||
CVE-2015-7498 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | |||||
CVE-2015-1289 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-4148 | 3 Apple, Php, Redhat | 8 Mac Os X, Php, Enterprise Linux Desktop and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. | |||||
CVE-2015-1277 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. | |||||
CVE-2016-0595 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
CVE-2015-1818 | 1 Redhat | 1 Jboss Bpm Suite | 2023-12-10 | 7.5 HIGH | N/A |
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document. | |||||
CVE-2015-5274 | 1 Redhat | 1 Openshift | 2023-12-10 | 6.5 MEDIUM | N/A |
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |||||
CVE-2015-4826 | 7 Canonical, Debian, Fedoraproject and 4 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | |||||
CVE-2015-1279 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. |