Filtered by vendor Redhat Subscriptions
Filtered by product Rhel Cluster Subscriptions
Total 22 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3521 1 Redhat 2 Conga, Rhel Cluster 2024-11-21 N/A
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2013-6496 1 Redhat 2 Conga, Rhel Cluster 2024-11-21 N/A
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2013-6492 2 Redhat, Ryan Ohara 3 Enterprise Linux, Rhel Cluster, Piranha 2024-11-21 N/A
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
CVE-2012-5500 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
CVE-2012-5499 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
CVE-2012-5498 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
CVE-2012-5497 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
CVE-2012-5488 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
CVE-2012-5486 3 Plone, Redhat, Zope 3 Plone, Rhel Cluster, Zope 2024-11-21 N/A
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
CVE-2012-5485 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
CVE-2012-3359 1 Redhat 3 Conga, Enterprise Linux, Rhel Cluster 2024-11-21 N/A
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
CVE-2011-1948 2 Plone, Redhat 2 Plone, Rhel Cluster 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2011-0720 2 Plone, Redhat 4 Plone, Conga, Luci and 1 more 2024-11-21 N/A
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
CVE-2010-3389 2 Linux-ha, Redhat 3 Ocf Resource Agents, Enterprise Linux, Rhel Cluster 2024-11-21 N/A
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2010-1104 2 Redhat, Zope 2 Rhel Cluster, Zope 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
CVE-2008-6552 2 Fedoraproject, Redhat 7 Fedora, Cluster Project, Cman and 4 more 2024-11-21 N/A
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
CVE-2008-4579 2 Gentoo, Redhat 4 Cman, Fence, Enterprise Linux and 1 more 2024-11-21 N/A
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
CVE-2008-4192 1 Redhat 3 Cman, Enterprise Linux, Rhel Cluster 2024-11-21 N/A
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
CVE-2007-4136 1 Redhat 2 Conga, Rhel Cluster 2024-11-21 N/A
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
CVE-2007-3380 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Cluster 2024-11-21 N/A
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.