Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Server
Subscriptions
Total
1913 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5273 | 1 Redhat | 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2025-04-12 | N/A |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | ||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 17 Iphone Os, Mac Os X, Safari and 14 more | 2025-04-12 | N/A |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2016-0363 | 3 Ibm, Novell, Redhat | 15 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 12 more | 2025-04-12 | N/A |
| The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. | ||||
| CVE-2016-5624 | 3 Mariadb, Oracle, Redhat | 10 Mariadb, Mysql, Enterprise Linux and 7 more | 2025-04-12 | 6.5 Medium |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. | ||||
| CVE-2016-0758 | 3 Canonical, Linux, Redhat | 12 Ubuntu Linux, Linux Kernel, Enterprise Linux and 9 more | 2025-04-12 | 7.8 High |
| Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. | ||||
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | ||||
| CVE-2014-1518 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | 8.8 High |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-4151 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player Desktop Runtime, Mac Os X and 12 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 11 Libarchive, Linux, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||||
| CVE-2016-5626 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux and 5 more | 2025-04-12 | 6.5 Medium |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | ||||
| CVE-2015-4819 | 6 Canonical, Debian, Fedoraproject and 3 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. | ||||
| CVE-2015-1241 | 6 Canonical, Debian, Google and 3 more | 12 Ubuntu Linux, Debian Linux, Chrome and 9 more | 2025-04-12 | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | ||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | ||||
| CVE-2015-1211 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. | ||||
| CVE-2014-9751 | 6 Apple, Debian, Linux and 3 more | 9 Macos, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | N/A |
| The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. | ||||
| CVE-2016-1690 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. | ||||
| CVE-2015-1209 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. | ||||
| CVE-2014-8108 | 3 Apache, Apple, Redhat | 7 Subversion, Xcode, Enterprise Linux and 4 more | 2025-04-12 | N/A |
| The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | ||||
| CVE-2016-0505 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. | ||||
| CVE-2014-1531 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | 8.8 High |
| Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. | ||||