Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0801 | 1 Moodle | 1 Moodle | 2023-02-13 | 7.5 HIGH | N/A |
| lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2023-02-13 | 6.4 MEDIUM | N/A |
| The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | |||||
| CVE-2012-0839 | 1 Inria | 1 Ocaml | 2023-02-13 | 5.0 MEDIUM | N/A |
| OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2011-4575 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2023-02-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3365 | 1 Kde | 1 Kde Sc | 2023-02-13 | 4.3 MEDIUM | N/A |
| The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
| CVE-2011-1775 | 1 Tigervnc | 1 Tigervnc | 2023-02-13 | 5.8 MEDIUM | N/A |
| The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate. | |||||
| CVE-2011-1495 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 7.2 HIGH | N/A |
| drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. | |||||
| CVE-2011-0025 | 1 Redhat | 1 Icedtea | 2023-02-13 | 6.8 MEDIUM | N/A |
| IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. | |||||
| CVE-2021-4047 | 1 Redhat | 1 Openshift | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | |||||
| CVE-2019-14894 | 1 Redhat | 1 Cloudforms Management Engine | 2023-02-12 | 9.0 HIGH | 7.2 HIGH |
| A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. | |||||
| CVE-2018-1102 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | |||||
| CVE-2018-14661 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | |||||
| CVE-2017-2658 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Data Virtualization \& Services | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking). | |||||
| CVE-2017-15121 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||||
| CVE-2017-15137 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2023-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. | |||||
| CVE-2016-9579 | 2 Canonical, Redhat | 8 Ubuntu Linux, Ceph Storage, Ceph Storage Mon and 5 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. | |||||
| CVE-2016-8631 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.0 MEDIUM | 7.7 HIGH |
| The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. | |||||
| CVE-2016-8651 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2023-02-12 | 2.7 LOW | 3.5 LOW |
| An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | |||||
| CVE-2016-8612 | 3 Apache, Netapp, Redhat | 3 Http Server, Storage Automation Store, Enterprise Linux | 2023-02-12 | 3.3 LOW | 4.3 MEDIUM |
| Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | |||||
| CVE-2016-8650 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | |||||