Filtered by vendor Redhat
Subscriptions
Total
23297 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1370 | 6 Adobe, Apple, Google and 3 more | 8 Air, Air Sdk, Flash Player and 5 more | 2025-04-11 | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. | ||||
| CVE-2011-4316 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-11 | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | ||||
| CVE-2011-2525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 7.8 High |
| The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. | ||||
| CVE-2012-1586 | 2 Debian, Redhat | 2 Cifs-utils, Enterprise Linux | 2025-04-11 | N/A |
| mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. | ||||
| CVE-2013-0169 | 4 Openssl, Oracle, Polarssl and 1 more | 11 Openssl, Openjdk, Polarssl and 8 more | 2025-04-11 | N/A |
| The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||||
| CVE-2010-0162 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | N/A |
| Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||||
| CVE-2013-6408 | 2 Apache, Redhat | 3 Solr, Jboss Data Grid, Jboss Enterprise Web Framework | 2025-04-11 | N/A |
| The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. | ||||
| CVE-2010-4647 | 2 Eclipse, Redhat | 2 Eclipse Ide, Enterprise Linux | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | ||||
| CVE-2011-1078 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. | ||||
| CVE-2010-4250 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. | ||||
| CVE-2009-3245 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||||
| CVE-2010-0001 | 2 Gnu, Redhat | 2 Gzip, Enterprise Linux | 2025-04-11 | N/A |
| Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||||
| CVE-2012-0037 | 6 Apache, Debian, Fedoraproject and 3 more | 14 Openoffice, Debian Linux, Fedora and 11 more | 2025-04-11 | 6.5 Medium |
| Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. | ||||
| CVE-2010-3570 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2025-04-11 | N/A |
| Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2011-2363 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||||
| CVE-2009-3556 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||||
| CVE-2012-5519 | 3 Apple, Debian, Redhat | 3 Cups, Debian Linux, Enterprise Linux | 2025-04-11 | N/A |
| CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | ||||
| CVE-2023-46234 | 3 Browserify, Debian, Redhat | 3 Browserify-sign, Debian Linux, Openshift Distributed Tracing | 2025-04-10 | 6.5 Medium |
| browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | ||||
| CVE-2023-28625 | 2 Openidc, Redhat | 2 Mod Auth Openidc, Enterprise Linux | 2025-04-10 | 7.5 High |
| mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | ||||
| CVE-2022-42258 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2025-04-10 | 5.3 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | ||||