Filtered by vendor Redhat
Subscribe
Total
5530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8626 | 1 Redhat | 4 Ceph, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-11-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. | |||||
| CVE-2016-8614 | 1 Redhat | 1 Ansible | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. | |||||
| CVE-2016-8609 | 1 Redhat | 1 Keycloak | 2023-11-07 | 5.8 MEDIUM | 8.1 HIGH |
| It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | |||||
| CVE-2016-7545 | 3 Fedoraproject, Redhat, Selinux Project | 7 Fedora, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2023-11-07 | 7.2 HIGH | 8.8 HIGH |
| SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||||
| CVE-2016-7163 | 4 Debian, Fedoraproject, Redhat and 1 more | 9 Debian Linux, Fedora, Enterprise Linux Desktop and 6 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. | |||||
| CVE-2016-7071 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | |||||
| CVE-2016-7066 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | |||||
| CVE-2016-7061 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | |||||
| CVE-2016-7047 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. | |||||
| CVE-2016-7035 | 2 Clusterlabs, Redhat | 3 Pacemaker, Enterprise Linux Server, Enterprise Linux Server Eus | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. | |||||
| CVE-2016-6888 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2023-11-07 | 2.1 LOW | 4.4 MEDIUM |
| Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | |||||
| CVE-2016-6519 | 2 Openstack, Redhat | 2 Manila, Openstack | 2023-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | |||||
| CVE-2016-6330 | 1 Redhat | 1 Jboss Operations Network | 2023-11-07 | 9.0 HIGH | 9.8 CRITICAL |
| The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. | |||||
| CVE-2016-6312 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. | |||||
| CVE-2016-5410 | 2 Firewalld, Redhat | 5 Firewalld, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | |||||
| CVE-2016-5387 | 8 Apache, Canonical, Debian and 5 more | 21 Http Server, Ubuntu Linux, Debian Linux and 18 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. | |||||
| CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 6 Fedora, Go, Linux and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2016-5195 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | |||||
| CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||