Filtered by vendor Redhat
Subscribe
Total
5685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2573 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||||
| CVE-2016-1677 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." | |||||
| CVE-2014-0226 | 4 Apache, Debian, Oracle and 1 more | 7 Http Server, Debian Linux, Enterprise Manager Ops Center and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | |||||
| CVE-2014-3575 | 3 Apache, Libreoffice, Redhat | 5 Openoffice, Libreoffice, Enterprise Linux Desktop and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | |||||
| CVE-2016-7040 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | |||||
| CVE-2014-1497 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. | |||||
| CVE-2014-3673 | 7 Canonical, Debian, Linux and 4 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | |||||
| CVE-2016-6330 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | 9.0 HIGH | 9.8 CRITICAL |
| The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. | |||||
| CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2025-04-12 | 6.4 MEDIUM | N/A |
| DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |||||
| CVE-2015-3209 | 8 Arista, Canonical, Debian and 5 more | 19 Eos, Ubuntu Linux, Debian Linux and 16 more | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | |||||
| CVE-2016-1682 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. | |||||
| CVE-2016-0793 | 2 Microsoft, Redhat | 2 Windows, Jboss Wildfly Application Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | |||||
| CVE-2016-7865 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2014-9658 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 7.5 HIGH | N/A |
| The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | |||||
| CVE-2015-1774 | 6 Apache, Canonical, Debian and 3 more | 8 Openoffice, Ubuntu Linux, Debian Linux and 5 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. | |||||
| CVE-2014-0042 | 1 Redhat | 1 Openstack | 2025-04-12 | 4.3 MEDIUM | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. | |||||
| CVE-2011-2941 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter. | |||||
| CVE-2015-0347 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
| CVE-2016-4300 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | |||||