Every CVE whose affected-product data names Redhat Storage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2012-4406 — CVSS 9.8 (critical): OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading…
CVE-2022-26148 — CVSS 9.8 (critical): An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML…
CVE-2012-1938 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before…
CVE-2023-3961 — CVSS 9.1 (critical): A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private…
CVE-2012-0247 — CVSS 8.8 (high): ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary…
CVE-2011-3045 — CVSS 8.8 (high): Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before…
CVE-2014-0224 — CVSS 7.4 (high): OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages…
CVE-2022-2447 — CVSS 6.6 (medium): A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token…
CVE-2012-1798 — CVSS 6.5 (medium): The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service…
CVE-2012-0260 — CVSS 6.5 (medium): The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory…
CVE-2023-42669 — CVSS 6.5 (medium): A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements…
CVE-2023-4091 — CVSS 6.5 (medium): A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the…
CVE-2012-0037 — CVSS 6.5 (medium): Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and…
CVE-2020-10730 — CVSS 6.5 (medium): A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11…
CVE-2019-14907 — CVSS 6.5 (medium): All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level =…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2023-3347 — CVSS 5.9 (medium): A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server…
CVE-2012-0248 — CVSS 5.5 (medium): ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD…
CVE-2023-34968 — CVSS 5.3 (medium): A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of…
CVE-2020-10685 — CVSS 5.0 (medium): A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as…
CVE-2012-0031 — CVSS 4.6 (medium): scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during…
CVE-2020-14318 — CVSS 4.3 (medium): A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to…
CVE-2012-0876 — CVSS 4.3 (medium): The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions…
CVE-2014-3470 — CVSS 4.3 (medium): The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an…
CVE-2021-44141 — CVSS 4.3 (medium): All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory…
CVE-2012-0053 — CVSS 4.3 (medium): protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request…
CVE-2014-0221 — CVSS 4.3 (medium): The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote…