Filtered by vendor Redhat
Subscribe
Total
5724 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4097 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | |||||
| CVE-2012-5835 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 10.0 HIGH | N/A |
| Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. | |||||
| CVE-2013-4213 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||||
| CVE-2013-4236 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-11 | 2.7 LOW | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | |||||
| CVE-2012-4543 | 1 Redhat | 1 Certificate System | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script. | |||||
| CVE-2010-0738 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | |||||
| CVE-2012-5660 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2025-04-11 | 6.9 MEDIUM | N/A |
| abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." | |||||
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2010-4265 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Remoting | 2025-04-11 | 2.6 LOW | N/A |
| The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. | |||||
| CVE-2012-2333 | 2 Openssl, Redhat | 2 Openssl, Openssl | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. | |||||
| CVE-2013-4299 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 6.0 MEDIUM | N/A |
| Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | |||||
| CVE-2013-3329 | 8 Adobe, Apple, Google and 5 more | 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. | |||||
| CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-11 | 5.6 MEDIUM | N/A |
| A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||||
| CVE-2013-0641 | 7 Adobe, Apple, Linux and 4 more | 12 Acrobat, Acrobat Reader, Mac Os X and 9 more | 2025-04-11 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. | |||||
| CVE-2011-2699 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | 7.8 HIGH | 7.5 HIGH |
| The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. | |||||
| CVE-2012-5478 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2025-04-11 | 4.9 MEDIUM | N/A |
| The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors. | |||||
| CVE-2012-3552 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux Eus | 2025-04-11 | 7.1 HIGH | 5.9 MEDIUM |
| Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. | |||||
| CVE-2011-4608 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 7.5 HIGH | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | |||||
| CVE-2011-4346 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. | |||||
| CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | |||||