Vendor CVEs
Red Hat
All CVEs
3,692 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15116 | Med | 0.36 | 5.5 | 0.00 | Nov 30, 2017 | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | ||
| CVE-2017-3157 | Med | 0.36 | 5.5 | 0.03 | Nov 20, 2017 | By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information,… | ||
| CVE-2017-7560 | Med | 0.36 | 5.5 | 0.00 | Sep 13, 2017 | It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | ||
| CVE-2016-6310 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2017 | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | ||
| CVE-2015-3149 | Med | 0.36 | 5.5 | 0.00 | Jul 25, 2017 | The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | ||
| CVE-2015-3170 | Med | 0.36 | 5.5 | 0.00 | Jul 21, 2017 | selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | ||
| CVE-2014-8180 | Med | 0.36 | 5.5 | 0.00 | Jun 6, 2017 | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | ||
| CVE-2017-7475 | Med | 0.36 | 5.5 | 0.02 | May 19, 2017 | Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | ||
| CVE-2016-5410 | Med | 0.36 | 5.5 | 0.00 | Apr 19, 2017 | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | ||
| CVE-2017-5973 | Med | 0.36 | 5.5 | 0.00 | Mar 27, 2017 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | ||
| CVE-2017-6011 | Med | 0.36 | 5.5 | 0.02 | Feb 16, 2017 | An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | ||
| CVE-2017-6010 | Med | 0.36 | 5.5 | 0.02 | Feb 16, 2017 | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. | ||
| CVE-2017-6009 | Med | 0.36 | 5.5 | 0.02 | Feb 16, 2017 | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the… | ||
| CVE-2016-2518 | Med | 0.36 | 5.3 | 0.15 | Jan 30, 2017 | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | ||
| CVE-2016-5824 | Med | 0.36 | 5.5 | 0.02 | Jan 27, 2017 | libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | ||
| CVE-2016-4443 | Med | 0.36 | 5.5 | 0.00 | Dec 14, 2016 | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | ||
| CVE-2016-7796 | Med | 0.36 | 5.5 | 0.01 | Oct 13, 2016 | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | ||
| CVE-2016-5403 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2016 | The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | ||
| CVE-2016-4470 | Med | 0.36 | 5.5 | 0.01 | Jun 27, 2016 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | ||
| CVE-2016-2142 | Med | 0.36 | 5.5 | 0.00 | Jun 8, 2016 | Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||
| CVE-2016-3712 | Med | 0.36 | 5.5 | 0.01 | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | ||
| CVE-2015-1350 | Med | 0.36 | 5.5 | 0.00 | May 2, 2016 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a… | ||
| CVE-2016-0666 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. | ||
| CVE-2016-0665 | Med | 0.36 | 5.5 | 0.01 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. | ||
| CVE-2016-0651 | Med | 0.36 | 5.5 | 0.01 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. | ||
| CVE-2016-0650 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. | ||
| CVE-2016-0649 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. | ||
| CVE-2016-0648 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. | ||
| CVE-2016-0647 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. | ||
| CVE-2016-0646 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. | ||
| CVE-2016-0644 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. | ||
| CVE-2015-8631 | Med | 0.36 | 6.5 | 0.05 | Feb 13, 2016 | Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. | ||
| CVE-2011-2920 | Med | 0.36 | 5.5 | 0.02 | Feb 5, 2014 | A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the… | ||
| CVE-2012-0037 | Med | 0.36 | 6.5 | 0.14 | Jun 17, 2012 | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and… | ||
| CVE-2012-0248 | Med | 0.36 | 5.5 | 0.02 | Jun 5, 2012 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | ||
| CVE-2006-4342 | Med | 0.36 | 5.5 | 0.00 | Oct 17, 2006 | The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked. | ||
| CVE-2005-0109 | Med | 0.36 | 5.6 | 0.01 | Mar 5, 2005 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as… | ||
| CVE-1999-0011 | Med | 0.36 | 5.4 | 0.05 | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||
| CVE-2026-11569 | Med | 0.35 | 5.4 | 0.00 | Jun 8, 2026 | A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored… | ||
| CVE-2026-9149 | Med | 0.35 | 6.5 | 0.00 | May 21, 2026 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds… | ||
| CVE-2026-9150 | Med | 0.35 | 6.5 | 0.00 | May 20, 2026 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to… | ||
| CVE-2026-9087 | Med | 0.35 | 6.4 | 0.00 | May 20, 2026 | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local… | ||
| CVE-2026-37979 | Med | 0.35 | 6.5 | 0.00 | May 19, 2026 | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims… | ||
| CVE-2026-3833 | Med | 0.35 | 6.5 | 0.01 | Apr 30, 2026 | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can… | ||
| CVE-2026-6848 | Med | 0.35 | 5.4 | 0.00 | Apr 22, 2026 | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with… | ||
| CVE-2026-3121 | Med | 0.35 | 6.5 | 0.00 | Mar 26, 2026 | A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other… | ||
| CVE-2026-4426 | Med | 0.35 | 6.5 | 0.00 | Mar 19, 2026 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO… | ||
| CVE-2026-4271 | Med | 0.35 | 5.3 | 0.01 | Mar 17, 2026 | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This… | ||
| CVE-2025-14512 | Med | 0.35 | 6.5 | 0.01 | Dec 11, 2025 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | ||
| CVE-2025-7784 | Med | 0.35 | 6.5 | 0.00 | Jul 18, 2025 | A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This… |
- risk 0.36cvss 5.5epss 0.00
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
- risk 0.36cvss 5.5epss 0.03
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information,…
- risk 0.36cvss 5.5epss 0.00
It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.
- risk 0.36cvss 5.5epss 0.00
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
- risk 0.36cvss 5.5epss 0.00
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
- risk 0.36cvss 5.5epss 0.00
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
- risk 0.36cvss 5.5epss 0.00
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
- risk 0.36cvss 5.5epss 0.02
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
- risk 0.36cvss 5.5epss 0.00
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
- risk 0.36cvss 5.5epss 0.00
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the…
- risk 0.36cvss 5.3epss 0.15
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
- risk 0.36cvss 5.5epss 0.02
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
- risk 0.36cvss 5.5epss 0.00
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
- risk 0.36cvss 5.5epss 0.01
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
- risk 0.36cvss 5.5epss 0.01
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
- risk 0.36cvss 5.5epss 0.01
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
- risk 0.36cvss 5.5epss 0.00
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
- risk 0.36cvss 5.5epss 0.00
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a…
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
- risk 0.36cvss 5.5epss 0.01
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.
- risk 0.36cvss 5.5epss 0.01
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
- risk 0.36cvss 5.5epss 0.02
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
- risk 0.36cvss 6.5epss 0.05
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
- risk 0.36cvss 5.5epss 0.02
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the…
- risk 0.36cvss 6.5epss 0.14
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and…
- risk 0.36cvss 5.5epss 0.02
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
- risk 0.36cvss 5.5epss 0.00
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.
- risk 0.36cvss 5.6epss 0.01
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as…
- risk 0.36cvss 5.4epss 0.05
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
- risk 0.35cvss 5.4epss 0.00
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored…
- risk 0.35cvss 6.5epss 0.00
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds…
- risk 0.35cvss 6.5epss 0.00
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to…
- risk 0.35cvss 6.4epss 0.00
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local…
- risk 0.35cvss 6.5epss 0.00
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims…
- risk 0.35cvss 6.5epss 0.01
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can…
- risk 0.35cvss 5.4epss 0.00
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with…
- risk 0.35cvss 6.5epss 0.00
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other…
- risk 0.35cvss 6.5epss 0.00
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO…
- risk 0.35cvss 5.3epss 0.01
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This…
- risk 0.35cvss 6.5epss 0.01
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
- risk 0.35cvss 6.5epss 0.00
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This…
Page 30 of 74