Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 5678 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5314 4 Debian, Libtiff, Opensuse and 1 more 5 Debian Linux, Libtiff, Leap and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVE-2016-5285 5 Avaya, Debian, Mozilla and 2 more 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVE-2016-4983 3 Dovecot, Opensuse, Redhat 4 Dovecot, Leap, Opensuse and 1 more 2024-11-21 2.1 LOW 3.3 LOW
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
CVE-2016-4980 3 Ethz, Fedoraproject, Redhat 3 Xquest, Fedora, Enterprise Linux 2024-11-21 1.9 LOW 2.5 LOW
A password generation weakness exists in xquest through 2016-06-13.
CVE-2016-2125 2 Redhat, Samba 8 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 5 more 2024-11-21 3.3 LOW 6.5 MEDIUM
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
CVE-2016-2124 5 Canonical, Debian, Fedoraproject and 2 more 24 Ubuntu Linux, Debian Linux, Fedora and 21 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
CVE-2016-2121 1 Redhat 1 Openstack 2024-11-21 2.1 LOW 4.0 MEDIUM
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
CVE-2016-10746 2 Debian, Redhat 2 Debian Linux, Libvirt 2024-11-21 5.0 MEDIUM 7.5 HIGH
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVE-2016-10730 2 Redhat, Zmanda 2 Enterprise Linux, Amanda 2024-11-21 7.2 HIGH 7.8 HIGH
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
CVE-2016-10729 3 Debian, Redhat, Zmanda 3 Debian Linux, Enterprise Linux, Amanda 2024-11-21 7.2 HIGH 7.8 HIGH
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
CVE-2016-1000232 3 Ibm, Redhat, Salesforce 3 Api Connect, Openshift Container Platform, Tough-cookie 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVE-2016-1000229 2 Redhat, Smartbear 3 Jboss Fuse, Openshift, Swagger-ui 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
swagger-ui has XSS in key names
CVE-2016-1000037 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Pagure 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Pagure: XSS possible in file attachment endpoint
CVE-2016-1000002 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Gnome Display Manager, Leap and 1 more 2024-11-21 2.1 LOW 2.4 LOW
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2015-9262 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Ansible Tower and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVE-2015-8980 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more 4 Fedora, Leap, Php-gettext and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2015-7810 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 3.3 LOW 4.7 MEDIUM
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVE-2015-7559 2 Apache, Redhat 3 Activemq, Jboss A-mq, Jboss Fuse 2024-11-21 4.0 MEDIUM 2.7 LOW
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2024-11-21 2.7 LOW 3.5 LOW
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-5741 2 Golang, Redhat 3 Go, Enterprise Linux, Openstack 2024-11-21 7.5 HIGH 9.8 CRITICAL
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.