Filtered by vendor Redhat
Subscriptions
Total
22961 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8011 | 4 Debian, Fedoraproject, Lldpd Project and 1 more | 8 Debian Linux, Fedora, Lldpd and 5 more | 2024-11-21 | 9.8 Critical |
| Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | ||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 4.7 Medium |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | ||||
| CVE-2015-7559 | 2 Apache, Redhat | 4 Activemq, Jboss A-mq, Jboss Amq and 1 more | 2024-11-21 | 2.7 Low |
| It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | ||||
| CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2024-11-21 | 3.5 Low |
| The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | ||||
| CVE-2015-5741 | 2 Golang, Redhat | 3 Go, Enterprise Linux, Openstack | 2024-11-21 | 9.8 Critical |
| The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. | ||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2024-11-21 | 6.5 Medium |
| Designate does not enforce the DNS protocol limit concerning record set sizes | ||||
| CVE-2015-5201 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2024-11-21 | 7.5 High |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | ||||
| CVE-2015-5160 | 2 Libvirt, Redhat | 11 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | N/A |
| libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | ||||
| CVE-2015-3167 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2024-11-21 | 7.5 High |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | ||||
| CVE-2015-3166 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2024-11-21 | 9.8 Critical |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | ||||
| CVE-2015-3159 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | ||||
| CVE-2015-3151 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | ||||
| CVE-2015-3150 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.1 High |
| abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | ||||
| CVE-2015-3147 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 Medium |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | ||||
| CVE-2015-2326 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 5.5 Medium |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | ||||
| CVE-2015-2325 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 7.8 High |
| The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | ||||
| CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2024-11-21 | 7.6 High |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 10 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 7 more | 2024-11-21 | 5.5 Medium |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-1869 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | ||||
| CVE-2015-1853 | 2 Redhat, Tuxfamily | 2 Enterprise Linux, Chrony | 2024-11-21 | 6.5 Medium |
| chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | ||||