Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 5724 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0022 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2025-04-11 4.7 MEDIUM N/A
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
CVE-2014-1486 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-11 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
CVE-2013-4172 1 Redhat 1 Cloudforms Management Engine 2025-04-11 8.5 HIGH N/A
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
CVE-2011-3590 1 Redhat 1 Kexec-tools 2025-04-11 5.7 MEDIUM N/A
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.
CVE-2010-2474 1 Redhat 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform 2025-04-11 3.5 LOW N/A
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
CVE-2013-0744 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2025-04-11 9.3 HIGH N/A
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.
CVE-2011-4930 3 Condor Project, Fedoraproject, Redhat 3 Condor, Fedora, Enterprise Mrg 2025-04-11 4.4 MEDIUM N/A
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
CVE-2012-4556 1 Redhat 1 Certificate System 2025-04-11 4.0 MEDIUM N/A
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
CVE-2011-1484 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform, Jboss Seam 2 Framework 2025-04-11 6.8 MEDIUM N/A
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.
CVE-2013-4222 4 Canonical, Fedoraproject, Openstack and 1 more 4 Ubuntu Linux, Fedora, Keystone and 1 more 2025-04-11 6.5 MEDIUM N/A
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
CVE-2013-0164 1 Redhat 2 Openshift, Openshift Origin 2025-04-11 3.6 LOW N/A
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2012-3406 3 Canonical, Gnu, Redhat 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more 2025-04-11 6.8 MEDIUM N/A
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
CVE-2014-0386 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2025-04-11 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2012-4546 1 Redhat 1 Enterprise Linux 2025-04-11 4.3 MEDIUM N/A
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.
CVE-2012-4181 3 Canonical, Mozilla, Redhat 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2025-04-11 9.3 HIGH N/A
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2011-3188 3 F5, Linux, Redhat 15 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 12 more 2025-04-11 6.4 MEDIUM 9.1 CRITICAL
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVE-2013-4424 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4482 2 Redhat, Scientificlinux 2 Enterprise Linux, Luci 2025-04-11 6.2 MEDIUM N/A
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
CVE-2012-2035 8 Adobe, Apple, Google and 5 more 13 Air, Flash Player, Macos and 10 more 2025-04-11 9.3 HIGH N/A
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2525 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 7.2 HIGH 7.8 HIGH
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.