Lucene search

K
RedhatEnterprise Mrg

19 matches found

CVE
CVE
added 2020/05/12 7:15 p.m.334 views

CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent pro...

5.3CVSS6AI score0.00026EPSS
CVE
CVE
added 2017/09/19 4:29 p.m.237 views

CVE-2015-7837

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.

5.5CVSS5.9AI score0.00073EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.236 views

CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstra...

5.5CVSS6.3AI score0.00033EPSS
CVE
CVE
added 2020/12/11 7:15 p.m.224 views

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special...

5.7CVSS6.4AI score0.00138EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.177 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

5.5CVSS5.8AI score0.00057EPSS
CVE
CVE
added 2018/02/09 10:29 p.m.149 views

CVE-2014-8171

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

5.5CVSS5.4AI score0.00049EPSS
CVE
CVE
added 2013/10/10 10:55 a.m.115 views

CVE-2013-4345

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

5.8CVSS5.9AI score0.01022EPSS
CVE
CVE
added 2018/01/14 6:29 a.m.100 views

CVE-2017-15127

A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

5.5CVSS6.3AI score0.00043EPSS
CVE
CVE
added 2019/11/06 3:15 p.m.89 views

CVE-2014-8181

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

5.5CVSS5.9AI score0.00229EPSS
CVE
CVE
added 2012/05/17 11:0 a.m.88 views

CVE-2012-1090

The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.

5.5CVSS5.8AI score0.00061EPSS
CVE
CVE
added 2018/01/14 6:29 a.m.71 views

CVE-2017-15128

A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).

5.5CVSS5.2AI score0.00046EPSS
CVE
CVE
added 2014/04/30 2:22 p.m.58 views

CVE-2013-6445

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.

5CVSS5.9AI score0.00297EPSS
CVE
CVE
added 2013/08/23 4:55 p.m.51 views

CVE-2013-1909

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8CVSS6.4AI score0.00586EPSS
CVE
CVE
added 2012/09/28 5:55 p.m.48 views

CVE-2012-2681

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.

5.8CVSS6.6AI score0.00651EPSS
CVE
CVE
added 2012/09/28 5:55 p.m.43 views

CVE-2012-2680

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image ...

5CVSS6AI score0.006EPSS
CVE
CVE
added 2010/10/18 5:0 p.m.41 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.

5CVSS6.8AI score0.01611EPSS
CVE
CVE
added 2017/10/18 2:29 p.m.39 views

CVE-2014-3706

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

5.9CVSS5.6AI score0.0022EPSS
CVE
CVE
added 2013/10/09 2:54 p.m.38 views

CVE-2013-4284

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.

5CVSS6.6AI score0.00535EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.37 views

CVE-2012-2682

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.

5CVSS6.3AI score0.00408EPSS