Vulnerabilities (CVE)

2822 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-13785 4 Libpng, Canonical, Oracle and 1 more 8 Libgpng, Ubuntu Linux, Libpng and 5 more 2019-08-15 4.3
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVE-2019-10141 2 Redhat, Openstack 2 Openstack, Ironic-inspector 2019-08-15 6.4
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query...
CVE-2019-10194 2 Ovirt, Redhat 2 Ovirt, Virtualization 2019-08-15 2.1
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or...
CVE-2019-10182 2 Icedtea-web Project, Redhat 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-08-15 5.8
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to...
CVE-2018-1333 4 Apache, Netapp, Redhat and 1 more 5 Http Server, Cloud Backup, Storage Automation Store and 2 more 2019-08-15 5.0
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-08-15 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2017-9788 6 Apache, Netapp, Oracle and 3 more 16 Httpd, Http Server, Oncommand Unified Manager and 13 more 2019-08-15 6.4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an...
CVE-2017-15715 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 6.8
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of...
CVE-2017-15710 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2019-08-15 5.0
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials....
CVE-2015-8553 2 Xen, Redhat 2 Enterprise Linux, Xen 2019-08-13 2.1
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
CVE-2016-5388 4 Hp, Apache, Oracle and 1 more 11 Tomcat, Linux, Enterprise Linux Desktop and 8 more 2019-08-13 5.1
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment...
CVE-2019-10176 1 Redhat 1 Openshift Container Platform 2019-08-13 5.8
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of...
CVE-2019-10168 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt...
CVE-2019-10167 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to...
CVE-2019-10166 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had...
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2019-08-12 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing...
CVE-2018-7225 4 Libvncserver Project, Canonical, Debian and 1 more 9 Libvncserver, Ubuntu Linux, Debian Linux and 6 more 2019-08-09 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g.,...
CVE-2019-10171 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux Server Eus 2019-08-09 7.8
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
CVE-2014-8183 2 Redhat, Theforeman 2 Satellite, Foreman 2019-08-08 6.5
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.