Filtered by vendor Redhat
Filtered by product Rhel Cluster
Total: 22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-4136 | 1 Redhat | 2 Conga, Rhel Cluster | 2024-08-07 | N/A |
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. | ||||
CVE-2007-3380 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Cluster | 2024-08-07 | N/A |
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service. | ||||
CVE-2007-1462 | 2 Conga, Redhat | 3 Conga, Linux, Rhel Cluster | 2024-08-07 | N/A |
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible. | ||||
CVE-2007-0240 | 2 Redhat, Zope | 2 Rhel Cluster, Zope | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | ||||
CVE-2008-6552 | 2 Fedoraproject, Redhat | 7 Fedora, Cluster Project, Cman and 4 more | 2024-08-07 | N/A |
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||||
CVE-2008-4579 | 2 Gentoo, Redhat | 4 Cman, Fence, Enterprise Linux and 1 more | 2024-08-07 | N/A |
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | ||||
CVE-2008-4192 | 1 Redhat | 3 Cman, Enterprise Linux, Rhel Cluster | 2024-08-07 | N/A |
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | ||||
CVE-2010-3389 | 2 Linux-ha, Redhat | 3 Ocf Resource Agents, Enterprise Linux, Rhel Cluster | 2024-08-07 | N/A |
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
CVE-2010-1104 | 2 Redhat, Zope | 2 Rhel Cluster, Zope | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | ||||
CVE-2011-1948 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
CVE-2011-0720 | 2 Plone, Redhat | 4 Plone, Conga, Luci and 1 more | 2024-08-06 | N/A |
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. | ||||
CVE-2012-5499 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | ||||
CVE-2012-5488 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | ||||
CVE-2012-5498 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | ||||
CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
CVE-2012-5485 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | ||||
CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||
CVE-2012-5486 | 3 Plone, Redhat, Zope | 3 Plone, Rhel Cluster, Zope | 2024-08-06 | N/A |
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | ||||
CVE-2012-3359 | 1 Redhat | 3 Conga, Enterprise Linux, Rhel Cluster | 2024-08-06 | N/A |
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout. | ||||
CVE-2013-6492 | 2 Redhat, Ryan Ohara | 3 Enterprise Linux, Rhel Cluster, Piranha | 2024-08-06 | N/A |
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request. |