Filtered by vendor Redhat
Subscriptions
Total
23293 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13033 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-04-20 | N/A |
| The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | ||||
| CVE-2017-13087 | 7 Canonical, Debian, Freebsd and 4 more | 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | ||||
| CVE-2017-12934 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-20 | N/A |
| ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | ||||
| CVE-2015-5740 | 3 Fedoraproject, Golang, Redhat | 7 Fedora, Go, Enterprise Linux and 4 more | 2025-04-20 | N/A |
| The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||||
| CVE-2016-9396 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. | ||||
| CVE-2017-10978 | 3 Debian, Freeradius, Redhat | 9 Debian Linux, Freeradius, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | ||||
| CVE-2016-10160 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Clustered Data Ontap, Php and 1 more | 2025-04-20 | 9.8 Critical |
| Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | ||||
| CVE-2017-13090 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Wget, Enterprise Linux | 2025-04-20 | N/A |
| The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | ||||
| CVE-2017-14495 | 5 Canonical, Debian, Novell and 2 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2025-04-20 | N/A |
| Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | ||||
| CVE-2016-0736 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more | 2025-04-20 | N/A |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. | ||||
| CVE-2017-10983 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-20 | N/A |
| An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | ||||
| CVE-2017-3638 | 2 Oracle, Redhat | 2 Mysql, Rhel Software Collections | 2025-04-20 | N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2017-10987 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-20 | N/A |
| An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | ||||
| CVE-2017-10984 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-20 | N/A |
| An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | ||||
| CVE-2016-5219 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2017-9242 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | ||||
| CVE-2017-3305 | 3 Debian, Oracle, Redhat | 3 Debian Linux, Mysql, Rhel Software Collections | 2025-04-20 | N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle". | ||||
| CVE-2017-3273 | 2 Oracle, Redhat | 2 Mysql, Rhel Software Collections | 2025-04-20 | N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | ||||
| CVE-2017-9077 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | ||||
| CVE-2016-8693 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 4 Fedora, Jasper, Opensuse and 1 more | 2025-04-20 | N/A |
| Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | ||||