VYPR

Vendor CVEs

Red Hat

All CVEs

3,692 total · sorted by risk
  • CVE-2016-1681HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2016-1680HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-1679HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have…

  • CVE-2016-1678HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…

  • CVE-2016-1676HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1675HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

  • CVE-2016-1674HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1673HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1672HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via…

  • CVE-2016-1663HigMay 14, 2016
    risk 0.57cvss 8.8epss 0.01

    The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause…

  • CVE-2016-1660HigMay 14, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted…

  • CVE-2016-3710HigMay 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2016-3718MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.75

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2016-1568HigApr 12, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

  • CVE-2014-1497HigMar 19, 2014
    risk 0.57cvss 8.8epss 0.03

    The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service…

  • CVE-2013-0261HigMar 8, 2013
    risk 0.57cvss 8.8epss 0.00

    A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data…

  • CVE-2012-4406CriOct 22, 2012
    risk 0.57cvss 9.8epss 0.07

    OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

  • CVE-2012-3503CriAug 25, 2012
    risk 0.57cvss 9.8epss 0.03

    The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web…

  • CVE-2011-3045HigMar 22, 2012
    risk 0.57cvss 8.8epss 0.04

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2010-1772HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to…

  • CVE-2026-5367HigApr 24, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds…

  • CVE-2012-5562HigDec 2, 2019
    risk 0.56cvss 8.6epss 0.01

    A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.

  • CVE-2017-1000251HigSep 12, 2017
    risk 0.56cvss 8.0epss 0.16

    The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel…

  • CVE-2016-2183HigSep 1, 2016
    risk 0.56cvss 7.5epss 0.96

    The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a…

  • CVE-2015-1779HigJan 12, 2016
    risk 0.56cvss 8.6epss 0.07

    The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

  • CVE-2015-5317HigKEVNov 25, 2015
    risk 0.56cvss 7.5epss 0.22

    The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

  • CVE-2026-53471CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This…

  • CVE-2026-53470CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual…

  • CVE-2026-5483HigApr 10, 2026
    risk 0.55cvss 8.5epss 0.00

    A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain…

  • CVE-2025-14459HigJan 26, 2026
    risk 0.55cvss 8.5epss 0.00

    A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.

  • CVE-2025-14025HigJan 8, 2026
    risk 0.55cvss 8.5epss 0.00

    A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g.,…

  • CVE-2017-12148HigJul 27, 2018
    risk 0.55cvss 8.4epss 0.02

    A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a…

  • CVE-2018-10843HigJul 2, 2018
    risk 0.55cvss 8.5epss 0.01

    source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this…

  • CVE-2016-6340HigSep 22, 2016
    risk 0.55cvss 8.4epss 0.00

    The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

  • CVE-2016-6322HigSep 22, 2016
    risk 0.55cvss 8.4epss 0.00

    Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

  • CVE-2016-2857HigApr 12, 2016
    risk 0.55cvss 8.4epss 0.01

    The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

  • CVE-2016-0742HigFeb 15, 2016
    risk 0.55cvss 7.5epss 0.82

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

  • CVE-2013-1675MedKEVMay 16, 2013
    risk 0.55cvss 6.5epss 0.07

    Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote…

  • CVE-2009-2692HigAug 14, 2009
    risk 0.55cvss 7.8epss 0.15

    The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero,…

  • CVE-2018-12617HigJun 21, 2018
    risk 0.54cvss 7.5epss 0.25

    qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be…

  • CVE-2017-13704HigOct 3, 2017
    risk 0.54cvss 7.5epss 0.65

    In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

  • CVE-2017-10116HigAug 8, 2017
    risk 0.54cvss 8.3epss 0.04

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows…

  • CVE-2017-10074HigAug 8, 2017
    risk 0.54cvss 8.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2017-1000366HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2017-3512HigApr 24, 2017
    risk 0.54cvss 8.3epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2016-5425HigOct 13, 2016
    risk 0.54cvss 7.8epss 0.04

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

  • CVE-2009-2698HigAug 27, 2009
    risk 0.54cvss 7.8epss 0.07

    The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE…

  • CVE-2026-5260HigMay 26, 2026
    risk 0.53cvss 8.2epss 0.01

    A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information…

Page 8 of 74