Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Enterprise Linux Desktop

1110 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-7050 1 Redhat 4 Enterprise Linux Server, Enterprise Linux Workstation, Enterprise Linux Hpc Node and 1 more 2017-06-16 7.5
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
CVE-2016-4455 2 Candlepinproject, Redhat 5 Enterprise Linux Server, Subscription Manager, Enterprise Linux Desktop and 2 more 2017-04-25 2.1
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2016-5410 2 Firewalld, Redhat 5 Enterprise Linux Server, Enterprise Linux Desktop, Enterprise Linux Workstation and 2 more 2017-04-25 2.1
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
CVE-2016-5011 3 Ibm, Util-linux Project, Redhat 7 Enterprise Linux Server, Enterprise Linux Desktop, Powerkvm and 4 more 2017-04-17 4.7
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot...
CVE-2016-4989 2 Setroubleshoot Project, Redhat 5 Setroubleshoot, Enterprise Linux Server, Enterprise Linux Desktop and 2 more 2017-04-17 6.9
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or...
CVE-2016-4446 2 Setroubleshoot Project, Redhat 5 Setroubleshoot, Enterprise Linux Server, Enterprise Linux Desktop and 2 more 2017-04-17 6.9
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
CVE-2016-4445 2 Setroubleshoot Project, Redhat 5 Setroubleshoot, Enterprise Linux Server, Enterprise Linux Desktop and 2 more 2017-04-17 6.9
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the...
CVE-2016-4444 2 Setroubleshoot Project, Redhat 5 Setroubleshoot, Enterprise Linux Server, Enterprise Linux Desktop and 2 more 2017-04-17 6.9
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
CVE-2016-5009 1 Redhat 7 Enterprise Linux For Scientific Computing, Enterprise Linux Desktop, Ceph Storage Mon and 4 more 2017-01-18 4.0
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-4171 2 Redhat, Adobe 5 Enterprise Linux Desktop, Enterprise Linux Workstation, Flash Player and 2 more 2017-01-11 10.0
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
CVE-2015-1774 6 Canonical, Redhat, Apache and 3 more 8 Ubuntu Linux, Libreoffice, Debian Linux and 5 more 2017-01-03 6.8
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an...
CVE-2014-8108 3 Apache, Apple, Redhat 6 Enterprise Linux Desktop, Subversion, Xcode and 3 more 2017-01-03 5.0
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup...
CVE-2014-3580 4 Apache, Apple, Debian and 1 more 8 Debian Linux, Enterprise Linux Desktop, Subversion and 5 more 2016-12-24 5.0
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that...
CVE-2016-7091 1 Redhat 5 Enterprise Linux Server, Enterprise Linux Desktop, Enterprise Linux and 2 more 2016-12-23 4.9
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a...
CVE-2015-5157 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2016-12-22 7.2
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2014-8241 2 Tigervnc, Redhat 5 Enterprise Linux Server, Tigervnc, Enterprise Linux Desktop and 2 more 2016-12-20 7.5
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
CVE-2012-0867 4 Opensuse Project, Postgresql, Debian and 1 more 11 Postgresql, Debian Linux, Enterprise Linux Desktop and 8 more 2016-12-07 4.3
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2015-5287 1 Redhat 5 Enterprise Linux Server, Enterprise Linux Desktop, Enterprise Linux Workstation and 2 more 2016-12-07 6.9
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by...
CVE-2015-5273 1 Redhat 5 Enterprise Linux Server, Enterprise Linux Desktop, Enterprise Linux Workstation and 2 more 2016-12-07 3.6
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable...
CVE-2016-0758 2 Linux, Redhat 8 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server Aus and 5 more 2016-11-28 7.2
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.