CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8317 119 Overflow +Info 2015-12-15 2015-12-16
5.0
None Remote Low Not required Partial None None
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
2 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2015-12-16
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
3 CVE-2015-8241 119 DoS Overflow +Info 2015-12-15 2015-12-16
6.4
None Remote Low Not required Partial None Partial
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
4 CVE-2015-7500 119 DoS Overflow 2015-12-15 2015-12-16
5.0
None Remote Low Not required None None Partial
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
5 CVE-2015-7499 119 Overflow +Info 2015-12-15 2015-12-16
5.0
None Remote Low Not required Partial None None
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
6 CVE-2015-7498 119 DoS Overflow 2015-12-15 2015-12-16
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
7 CVE-2015-7497 119 DoS Overflow 2015-12-15 2015-12-16
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
8 CVE-2015-5312 399 DoS 2015-12-15 2015-12-16
7.1
None Remote Medium Not required None None Complete
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
9 CVE-2015-5305 22 Dir. Trav. 2015-11-06 2015-11-09
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
10 CVE-2015-5304 264 DoS 2015-12-16 2015-12-17
3.5
None Remote Medium Single system None None Partial
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
11 CVE-2015-5302 200 +Info 2015-12-07 2015-12-08
5.0
None Remote Low Not required Partial None None
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
12 CVE-2015-5287 59 +Priv 2015-12-07 2015-12-08
6.9
None Local Medium Not required Complete Complete Complete
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
13 CVE-2015-5281 264 Exec Code Bypass 2015-11-24 2015-11-25
2.6
None Local High Not required Partial Partial None
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.
14 CVE-2015-5277 119 DoS Overflow +Priv 2015-12-17 2015-12-18
7.2
None Local Low Not required Complete Complete Complete
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
15 CVE-2015-5274 77 Exec Code 2015-09-18 2015-09-22
6.5
None Remote Low Single system Partial Partial Partial
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
16 CVE-2015-5273 59 2015-12-07 2015-12-08
3.6
None Local Low Not required None Partial Partial
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
17 CVE-2015-5250 20 DoS 2015-09-08 2015-09-09
4.0
None Remote Low Single system None None Partial
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
18 CVE-2015-5245 Http R.Spl. 2015-12-03 2015-12-04
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
19 CVE-2015-5242 94 Exec Code 2015-11-25 2015-11-27
6.0
None Remote Medium Single system Partial Partial Partial
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
20 CVE-2015-5235 20 Bypass 2015-10-09 2015-10-13
4.3
None Remote Medium Not required None Partial None
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
21 CVE-2015-5234 20 Bypass 2015-10-09 2015-10-13
6.8
None Remote Medium Not required Partial Partial Partial
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
22 CVE-2015-5225 119 DoS Exec Code Overflow Mem. Corr. 2015-11-06 2015-11-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
23 CVE-2015-5222 264 Exec Code 2015-08-24 2015-08-25
8.5
None Remote Medium Single system Complete Complete Complete
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
24 CVE-2015-5220 119 DoS Overflow 2015-10-27 2015-10-28
5.0
None Remote Low Not required None None Partial
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
25 CVE-2015-5188 352 CSRF 2015-10-27 2015-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
26 CVE-2015-5178 254 2015-10-27 2015-10-28
4.3
None Remote Medium Not required None Partial None
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
27 CVE-2015-5176 17 2015-08-11 2015-08-11
5.8
None Remote Medium Not required Partial Partial None
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
28 CVE-2015-3636 DoS +Priv 2015-08-05 2015-11-24
4.9
None Local Low Not required None None Complete
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
29 CVE-2015-3456 119 DoS Exec Code Overflow 2015-05-13 2016-01-13
7.7
None Local Network Low Single system Complete Complete Complete
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
30 CVE-2015-3276 310 2015-12-07 2015-12-09
5.0
None Remote Low Not required None Partial None
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
31 CVE-2015-3267 79 XSS 2015-08-11 2015-08-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
32 CVE-2015-3247 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2015-09-09
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
33 CVE-2015-3246 264 DoS +Priv 2015-08-11 2015-08-11
7.2
Admin Local Low Not required Complete Complete Complete
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
34 CVE-2015-3245 20 DoS 2015-08-11 2015-08-11
2.1
None Local Low Not required None None Partial
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
35 CVE-2015-3244 264 +Info 2015-07-16 2015-07-21
4.9
None Remote Medium Single system Partial Partial None
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.
36 CVE-2015-3216 362 DoS 2015-07-07 2015-07-09
4.3
None Remote Medium Not required None None Partial
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
37 CVE-2015-3201 200 +Info 2015-06-08 2015-06-09
2.1
None Local Low Not required Partial None None
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
38 CVE-2015-2775 22 Dir. Trav. 2015-04-13 2015-07-13
7.6
None Remote High Not required Complete Complete Complete
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
39 CVE-2015-1843 20 2015-04-06 2015-04-07
4.3
None Remote Medium Not required None Partial None
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.
40 CVE-2015-1842 255 Exec Code 2015-04-10 2015-04-29
10.0
None Remote Low Not required Complete Complete Complete
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
41 CVE-2015-1841 17 Bypass 2015-09-08 2015-09-09
3.7
None Local High Not required Partial Partial Partial
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.
42 CVE-2015-1818 2015-08-11 2015-08-11
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.
43 CVE-2015-1779 399 DoS 2016-01-12 2016-01-15
7.8
None Remote Low Not required None None Complete
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
44 CVE-2015-1284 20 DoS 2015-07-22 2015-11-24
7.5
None Remote Low Not required Partial Partial Partial
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
45 CVE-2015-1274 254 Exec Code 2015-07-22 2015-11-24
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
46 CVE-2015-0831 DoS Exec Code Mem. Corr. 2015-02-25 2015-03-26
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
47 CVE-2015-0298 79 XSS 2015-08-24 2015-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
48 CVE-2015-0297 284 DoS 2015-04-24 2015-10-05
9.0
None Remote Low Not required Partial Partial Complete
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
49 CVE-2015-0283 399 DoS 2015-03-30 2015-04-09
7.8
None Remote Low Not required None None Complete
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.
50 CVE-2015-0279 94 Exec Code 2015-03-26 2015-04-22
6.8
None Remote Medium Not required Partial Partial Partial
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
Total number of vulnerabilities : 1040   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.