National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:-
There are 7 matching records.
Vuln ID Summary CVSS Severity

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

Published: August 06, 2018; 04:29:01 PM -04:00
V2: 6.4 MEDIUM

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Published: July 02, 2018; 09:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 4.6 MEDIUM

/var/lib/ovirt-engine/setup/ in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Published: June 13, 2017; 12:29:00 PM -04:00
V2: 10.0 HIGH

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

Published: September 22, 2016; 11:59:03 AM -04:00
V3: 8.4 HIGH
V2: 2.1 LOW

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

Published: September 22, 2016; 11:59:02 AM -04:00
V3: 8.4 HIGH
V2: 7.2 HIGH

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 02:59:03 PM -04:00
V2: 5.0 MEDIUM

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

Published: February 15, 2007; 08:28:00 PM -05:00
V2: 10.0 HIGH