Filtered by vendor Redhat
Subscribe
Total
5530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10183 | 1 Redhat | 2 Enterprise Linux, Virt-manager | 2023-02-12 | 2.1 LOW | 3.3 LOW |
| Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release. | |||||
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-02-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | |||||
| CVE-2019-10180 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Certificate System | 2023-02-12 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code. | |||||
| CVE-2019-10179 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | |||||
| CVE-2019-10176 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | |||||
| CVE-2019-10172 | 4 Apache, Debian, Fasterxml and 1 more | 5 Spark, Debian Linux, Jackson-mapper-asl and 2 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. | |||||
| CVE-2019-10160 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2023-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. | |||||
| CVE-2019-10159 | 1 Redhat | 2 Cfme-gemset, Cloudforms | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available. | |||||
| CVE-2019-10150 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. | |||||
| CVE-2019-10146 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2023-02-12 | 2.6 LOW | 4.7 MEDIUM |
| A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser. | |||||
| CVE-2019-10140 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). | |||||
| CVE-2019-10137 | 1 Redhat | 2 Satellite, Spacewalk | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. | |||||
| CVE-2019-10136 | 1 Redhat | 2 Satellite, Spacewalk | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. | |||||
| CVE-2019-10132 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. | |||||
| CVE-2019-10126 | 6 Canonical, Debian, Linux and 3 more | 26 Ubuntu Linux, Debian Linux, Linux Kernel and 23 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | |||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2023-02-12 | 7.9 HIGH | 7.5 HIGH |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | |||||
| CVE-2018-1102 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | |||||
| CVE-2018-1071 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. | |||||
| CVE-2018-16871 | 3 Linux, Netapp, Redhat | 28 Linux Kernel, Cloud Backup, H300e and 25 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | |||||
| CVE-2018-16863 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 9.3 HIGH | 7.8 HIGH |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | |||||