Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Desktop Subscribe

Filter

1110 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-0902 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 6.8
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-0901 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 6.4
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-0899 3 Rubygems, Debian, Redhat 8 Rubygems, Debian Linux, Enterprise Linux Desktop and 5 more 2019-10-09 7.5
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2016-9600 3 Jasper Project, Canonical, Redhat 8 Jasper, Ubuntu Linux, Enterprise Linux Desktop and 5 more 2019-10-09 4.3
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9591 3 Jasper Project, Debian, Redhat 6 Jasper, Debian Linux, Enterprise Linux Desktop and 3 more 2019-10-09 4.3
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2016-9583 3 Jasper Project, Redhat, Oracle 9 Jasper, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 6.8
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-9579 1 Redhat 6 Ceph Storage, Ceph Storage Mon, Ceph Storage Osd and 3 more 2019-10-09 5.0
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a...
CVE-2016-9578 3 Spice Project, Debian, Redhat 7 Spice, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 5.0
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
CVE-2016-9577 3 Spice Project, Debian, Redhat 7 Spice, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 6.5
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
CVE-2016-9573 3 Openjpeg, Debian, Redhat 7 Openjpeg, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 5.8
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
CVE-2016-8654 3 Jasper Project, Debian, Redhat 7 Jasper, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 6.8
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
CVE-2016-8635 2 Mozilla, Redhat 7 Network Security Services, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 4.3
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2016-8626 1 Redhat 4 Ceph, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 6.8
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
CVE-2016-2125 2 Redhat, Samba 8 Gluster Storage, Samba, Enterprise Linux Desktop and 5 more 2019-10-09 3.3
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to...
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2014-3566 11 Openssl, Apple, Redhat and 8 more 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more 2019-10-09 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2017-15121 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-10-09 4.9
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2004-0957 7 Ubuntu, Redhat, Mysql and 4 more 8 Enterprise Linux Desktop, Enterprise Linux, Openpkg and 5 more 2019-10-07 6.8
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct...