Filtered by vendor Redhat
Subscribe
Total
5530 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4555 | 1 Redhat | 1 Certificate System | 2023-12-10 | 4.0 MEDIUM | N/A |
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors. | |||||
CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-12-10 | 4.0 MEDIUM | N/A |
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||
CVE-2013-5870 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
CVE-2012-1149 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Openoffice.org, Debian Linux, Fedora and 7 more | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. | |||||
CVE-2013-2375 | 3 Mariadb, Oracle, Redhat | 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more | 2023-12-10 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2013-0753 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. | |||||
CVE-2012-4543 | 1 Redhat | 1 Certificate System | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script. | |||||
CVE-2012-3961 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-1972 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-5659 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2023-12-10 | 3.7 LOW | N/A |
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. | |||||
CVE-2012-3163 | 6 Canonical, Debian, F5 and 3 more | 21 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 18 more | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | |||||
CVE-2013-1927 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2023-12-10 | 6.8 MEDIUM | N/A |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." | |||||
CVE-2013-1824 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | N/A |
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. | |||||
CVE-2013-2188 | 1 Redhat | 1 Enterprise Linux | 2023-12-10 | 4.7 MEDIUM | N/A |
A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only. | |||||
CVE-2012-6118 | 1 Redhat | 1 Aeolus Conductor | 2023-12-10 | 5.5 MEDIUM | N/A |
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | |||||
CVE-2012-1975 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2013-4297 | 1 Redhat | 1 Libvirt | 2023-12-10 | 4.0 MEDIUM | N/A |
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. | |||||
CVE-2012-3960 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2014-0412 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||||
CVE-2012-3982 | 5 Canonical, Debian, Mozilla and 2 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2023-12-10 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |