Filtered by vendor Redhat
Subscribe
Total
5687 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1777 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Rhn-client-tools | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | |||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | |||||
| CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | |||||
| CVE-2014-8171 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | |||||
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | |||||
| CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | |||||
| CVE-2014-8141 | 2 Redhat, Unzip Project | 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8140 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8139 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8130 | 3 Apple, Libtiff, Redhat | 9 Iphone Os, Mac Os X, Libtiff and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. | |||||
| CVE-2014-8129 | 4 Apple, Debian, Libtiff and 1 more | 8 Iphone Os, Mac Os X, Debian Linux and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | |||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 8 Bsd Mailx, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | |||||
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | |||||
| CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2014-4660 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | |||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | |||||