Filtered by vendor Redhat
Subscriptions
Total
21361 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0283 | 1 Redhat | 2 Enterprise Linux, Slapi-nis | 2024-11-21 | N/A |
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups. | ||||
CVE-2015-0282 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-11-21 | N/A |
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | ||||
CVE-2015-0279 | 1 Redhat | 2 Jboss Enterprise Web Framework, Richfaces | 2024-11-21 | N/A |
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. | ||||
CVE-2015-0277 | 2 Picketlink, Redhat | 2 Picketlink, Jboss Enterprise Application Platform | 2024-11-21 | N/A |
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion. | ||||
CVE-2015-0275 | 3 Linux, Oracle, Redhat | 5 Linux Kernel, Linux, Enterprise Linux and 2 more | 2024-11-21 | N/A |
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | ||||
CVE-2015-0274 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. | ||||
CVE-2015-0273 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Software Collections | 2024-11-21 | N/A |
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. | ||||
CVE-2015-0272 | 5 Canonical, Gnome, Oracle and 2 more | 10 Ubuntu Linux, Networkmanager, Linux and 7 more | 2024-11-21 | N/A |
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | ||||
CVE-2015-0271 | 1 Redhat | 1 Openstack | 2024-11-21 | N/A |
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | ||||
CVE-2015-0267 | 1 Redhat | 2 Enterprise Linux, Kexec-tools | 2024-11-21 | N/A |
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2015-0264 | 2 Apache, Redhat | 6 Camel, Jboss Amq, Jboss Bpms and 3 more | 2024-11-21 | N/A |
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. | ||||
CVE-2015-0263 | 2 Apache, Redhat | 6 Camel, Jboss Amq, Jboss Bpms and 3 more | 2024-11-21 | N/A |
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. | ||||
CVE-2015-0261 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2024-11-21 | N/A |
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. | ||||
CVE-2015-0259 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | N/A |
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. | ||||
CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
CVE-2015-0255 | 3 Opensuse, Redhat, X.org | 3 Opensuse, Enterprise Linux, Xorg-server | 2024-11-21 | N/A |
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | ||||
CVE-2015-0254 | 3 Apache, Canonical, Redhat | 5 Standard Taglibs, Ubuntu Linux, Enterprise Linux and 2 more | 2024-11-21 | N/A |
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. | ||||
CVE-2015-0253 | 4 Apache, Apple, Oracle and 1 more | 6 Http Server, Mac Os X, Mac Os X Server and 3 more | 2024-11-21 | N/A |
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. | ||||
CVE-2015-0252 | 4 Apache, Debian, Fedoraproject and 1 more | 4 Xerces-c\+\+, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | ||||
CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 10 Subversion, Xcode, Opensuse and 7 more | 2024-11-21 | N/A |
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. |