Filtered by vendor Redhat
Subscribe
Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5319 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. | |||||
| CVE-2015-7538 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | |||||
| CVE-2015-5324 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | |||||
| CVE-2015-5320 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | |||||
| CVE-2015-7539 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 7.6 HIGH | 7.5 HIGH |
| The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | |||||
| CVE-2015-5326 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | |||||
| CVE-2015-5321 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. | |||||
| CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 7.5 HIGH | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | |||||
| CVE-2015-7537 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | |||||
| CVE-2004-0957 | 6 Openpkg, Oracle, Redhat and 3 more | 7 Openpkg, Mysql, Enterprise Linux and 4 more | 2019-12-17 | 6.8 MEDIUM | N/A |
| Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | |||||
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2019-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2014-0001 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux and 3 more | 2019-12-17 | 7.5 HIGH | N/A |
| Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. | |||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2019-12-16 | 1.9 LOW | 3.3 LOW |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | |||||
| CVE-2019-6465 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2019-12-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. | |||||
| CVE-2019-14909 | 1 Redhat | 1 Keycloak | 2019-12-16 | 7.5 HIGH | 8.3 HIGH |
| A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | |||||
| CVE-2014-0163 | 1 Redhat | 1 Openshift | 2019-12-16 | 9.0 HIGH | 8.8 HIGH |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
| CVE-2013-0163 | 1 Redhat | 1 Openshift | 2019-12-14 | 2.1 LOW | 5.5 MEDIUM |
| OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | |||||
| CVE-2013-1793 | 1 Redhat | 2 Openstack, Openstack Essex | 2019-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| openstack-utils openstack-db has insecure password creation | |||||
| CVE-2012-5562 | 1 Redhat | 1 Satellite | 2019-12-13 | 3.3 LOW | 6.5 MEDIUM |
| rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | |||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| katello-headpin is vulnerable to CSRF in REST API | |||||