Filtered by vendor Redhat
Subscriptions
Total
23102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2326 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 5.5 Medium |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | ||||
| CVE-2015-2325 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 7.8 High |
| The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | ||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 10 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 7 more | 2024-11-21 | 5.5 Medium |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-1869 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | ||||
| CVE-2015-1853 | 2 Redhat, Tuxfamily | 2 Enterprise Linux, Chrony | 2024-11-21 | 6.5 Medium |
| chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | ||||
| CVE-2015-1811 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | ||||
| CVE-2015-1809 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | ||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-11-21 | 6.5 Medium |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | ||||
| CVE-2015-1777 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Rhn-client-tools | 2024-11-21 | N/A |
| rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | ||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 7.5 High |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | ||||
| CVE-2015-0244 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 9.8 Critical |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | ||||
| CVE-2015-0243 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-0241 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 8.8 High |
| The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | ||||
| CVE-2015-0203 | 2 Apache, Redhat | 4 Qpid, Enterprise Mrg, Satellite and 1 more | 2024-11-21 | N/A |
| The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. | ||||
| CVE-2014-9356 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | 8.6 High |
| Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | ||||
| CVE-2014-8184 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-11-21 | 7.8 High |
| A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | ||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | 7.4 High |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||||
| CVE-2014-8182 | 3 Debian, Openldap, Redhat | 3 Debian Linux, Openldap, Enterprise Linux | 2024-11-21 | 7.5 High |
| An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. | ||||
| CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2024-11-21 | 5.5 Medium |
| The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | ||||
| CVE-2014-8171 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | N/A |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | ||||