Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 15801 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3069 6 Debian, Fedoraproject, Mercurial and 3 more 15 Debian Linux, Fedora, Mercurial and 12 more 2025-04-12 N/A
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2014-4721 3 Debian, Php, Redhat 4 Debian Linux, Php, Enterprise Linux and 1 more 2025-04-12 N/A
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
CVE-2015-3279 4 Canonical, Debian, Linuxfoundation and 1 more 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more 2025-04-12 N/A
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
CVE-2014-0237 3 Debian, Php, Redhat 4 Debian Linux, Php, Enterprise Linux and 1 more 2025-04-12 N/A
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
CVE-2014-4608 5 Canonical, Linux, Opensuse and 2 more 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more 2025-04-12 7.3 High
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
CVE-2014-0106 3 Apple, Redhat, Todd Miller 3 Mac Os X, Enterprise Linux, Sudo 2025-04-12 N/A
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
CVE-2016-7166 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2025-04-12 N/A
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-2014-4698 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
CVE-2014-7825 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 7.8 High
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
CVE-2014-0231 2 Apache, Redhat 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
CVE-2015-0205 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-12 N/A
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
CVE-2015-0206 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-12 N/A
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
CVE-2015-3187 3 Apache, Apple, Redhat 3 Subversion, Xcode, Enterprise Linux 2025-04-12 N/A
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
CVE-2015-3416 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Watchos, Ubuntu Linux and 4 more 2025-04-12 N/A
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CVE-2014-4049 4 Debian, Opensuse, Php and 1 more 5 Debian Linux, Opensuse, Php and 2 more 2025-04-12 N/A
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
CVE-2011-2513 1 Redhat 3 Enterprise Linux, Icedtea-web, Icedtea6 2025-04-12 N/A
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
CVE-2016-5388 4 Apache, Hp, Oracle and 1 more 13 Tomcat, System Management Homepage, Linux and 10 more 2025-04-12 N/A
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
CVE-2016-5636 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-12 N/A
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
CVE-2014-0191 2 Oracle, Redhat 2 Fusion Middleware, Enterprise Linux 2025-04-12 N/A
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
CVE-2014-0118 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2025-04-12 N/A
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.