Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Desktop Subscribe

Filter

1110 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-3144 4 Isc, Canonical, Debian and 1 more 9 Dhcp, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 5.0
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6....
CVE-2017-3137 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which...
CVE-2017-3136 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 4.3
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to...
CVE-2017-3135 4 Isc, Netapp, Debian and 1 more 10 Bind, Data Ontap Edge, Element Software Management Node and 7 more 2019-10-09 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8,...
CVE-2017-2668 2 Fedoraproject, Redhat 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 4.3
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP...
CVE-2017-2640 3 Pidgin, Debian, Redhat 7 Pidgin, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 7.5
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
CVE-2017-2634 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-10-09 7.8
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory...
CVE-2017-2633 2 Qemu, Redhat 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 4.0
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could...
CVE-2017-2625 2 Redhat, X.org 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 2.1
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key,...
CVE-2017-2618 3 Debian, Linux, Redhat 8 Debian Linux, Linux Kernel, Enterprise Linux and 5 more 2019-10-09 4.9
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
CVE-2017-2616 3 Util-linux Project, Debian, Redhat 7 Util-linux, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 4.7
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
CVE-2017-2590 2 Freeipa, Redhat 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more 2019-10-09 5.5
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete,...
CVE-2017-15101 2 Redhat, Liblouis 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 3 more 2019-10-09 7.5
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
CVE-2017-15097 1 Redhat 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more 2019-10-09 7.2
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
CVE-2017-12173 2 Fedoraproject, Redhat 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 4.0
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for...
CVE-2017-12171 2 Apache, Redhat 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2019-10-09 6.4
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a...
CVE-2017-12163 3 Redhat, Samba, Debian 6 Gluster Storage, Samba, Debian Linux and 3 more 2019-10-09 4.8
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or...
CVE-2017-12151 4 Hp, Samba, Debian and 1 more 8 Cifs Server, Samba, Debian Linux and 5 more 2019-10-09 5.8
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an...
CVE-2017-12150 3 Redhat, Samba, Debian 6 Gluster Storage, Samba, Debian Linux and 3 more 2019-10-09 5.8
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information...
CVE-2017-0903 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 7.5
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to...