Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5252 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | 7.2 High |
| vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | ||||
| CVE-2016-0596 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. | ||||
| CVE-2016-0729 | 3 Fedoraproject, Redhat, Samsung | 3 Fedora, Enterprise Linux, X14j Firmware | 2025-04-12 | N/A |
| Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. | ||||
| CVE-2015-2783 | 3 Apple, Php, Redhat | 10 Mac Os X, Php, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. | ||||
| CVE-2015-5346 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. | ||||
| CVE-2016-4553 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | ||||
| CVE-2016-2047 | 6 Canonical, Debian, Mariadb and 3 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2025-04-12 | N/A |
| The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | ||||
| CVE-2015-3415 | 6 Apple, Canonical, Debian and 3 more | 7 Mac Os X, Watchos, Ubuntu Linux and 4 more | 2025-04-12 | N/A |
| The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | ||||
| CVE-2016-1577 | 3 Canonical, Jasper Project, Redhat | 3 Ubuntu Linux, Jasper, Enterprise Linux | 2025-04-12 | N/A |
| Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. | ||||
| CVE-2015-4588 | 4 Fedoraproject, Opensuse, Redhat and 1 more | 4 Fedora, Opensuse, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. | ||||
| CVE-2016-5118 | 8 Canonical, Debian, Graphicsmagick and 5 more | 15 Ubuntu Linux, Debian Linux, Graphicsmagick and 12 more | 2025-04-12 | 9.8 Critical |
| The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | ||||
| CVE-2015-7183 | 2 Mozilla, Redhat | 6 Firefox, Network Security Services, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2016-2836 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. | ||||
| CVE-2014-9293 | 2 Ntp, Redhat | 3 Ntp, Enterprise Linux, Rhel Eus | 2025-04-12 | N/A |
| The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||||
| CVE-2015-7554 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-04-12 | N/A |
| The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. | ||||
| CVE-2015-4000 | 13 Apple, Canonical, Debian and 10 more | 31 Iphone Os, Mac Os X, Safari and 28 more | 2025-04-12 | N/A |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | ||||
| CVE-2016-5263 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Linux, Enterprise Linux | 2025-04-12 | N/A |
| The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." | ||||
| CVE-2016-5274 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. | ||||
| CVE-2016-0777 | 6 Apple, Hp, Openbsd and 3 more | 8 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 5 more | 2025-04-12 | N/A |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | ||||
| CVE-2016-10011 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | ||||