Filtered by vendor Redhat
Subscriptions
Total
22092 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | ||||
CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 3.3 Low |
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | ||||
CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 5.5 Medium |
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | ||||
CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-11-21 | 7.5 High |
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | ||||
CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2024-11-21 | 5.5 Medium |
libuser has information disclosure when moving user's home directory | ||||
CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-11-21 | 6.3 Medium |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | ||||
CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 7.5 High |
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | ||||
CVE-2012-5562 | 1 Redhat | 2 Network Proxy, Satellite | 2024-11-21 | 6.5 Medium |
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | ||||
CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-11-21 | 6.5 Medium |
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | ||||
CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 5.5 Medium |
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | ||||
CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 8.8 High |
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | ||||
CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | ||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 9.8 Critical |
cumin: At installation postgresql database user created without password | ||||
CVE-2012-2312 | 1 Redhat | 2 Jboss Application Server, Jboss Enterprise Application Platform | 2024-11-21 | 7.8 High |
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | ||||
CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 3.3 Low |
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | ||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | ||||
CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 8.2 High |
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | ||||
CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 7.5 High |
Moodle before 2.2.2 has users' private files included in course backups | ||||
CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2024-11-21 | 7.5 High |
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | ||||
CVE-2012-1094 | 1 Redhat | 1 Jboss Application Server | 2024-11-21 | 7.5 High |
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. |