Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Server Eus Subscribe

Filter

476 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-07-20 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2017-2626 2 Freedesktop, Redhat 6 Libice, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-07-14 2.1
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
CVE-2014-8567 2 Uninett, Redhat 7 Mod Auth Mellon, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-07-09 9.4
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
CVE-2014-3675 2 Shim, Redhat 9 Shim, Shim, Enterprise Linux Desktop and 6 more 2019-07-08 5.0
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2017-10978 3 Freeradius, Debian, Redhat 8 Freeradius, Debian Linux, Enterprise Linux Desktop and 5 more 2019-07-03 5.0
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
CVE-2018-5390 7 Cisco, F5, Redhat and 4 more 36 Collaboration Meeting Rooms, Digital Network Architecture Center, Expressway and 33 more 2019-06-28 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2018-7566 6 Suse, Linux, Canonical and 3 more 12 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server and 9 more 2019-06-17 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2015-3195 6 Openssl, Apple, Oracle and 3 more 16 Sun Ray Software, Openssl, Transportation Management and 13 more 2019-06-14 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers...
CVE-2015-3196 7 Hp, Openssl, Oracle and 4 more 13 Icewall Sso, Icewall Sso Agent Option, Vm Virtualbox and 10 more 2019-06-13 4.3
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of...
CVE-2015-2582 4 Debian, Oracle, Canonical and 1 more 10 Debian Linux, Ubuntu Linux, Solaris and 7 more 2019-06-13 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-06-13 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2018-11784 6 Apache, Netapp, Canonical and 3 more 15 Tomcat, Snap Creator Framework, Ubuntu Linux and 12 more 2019-06-11 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...
CVE-2018-5740 5 Isc, Netapp, Canonical and 2 more 9 Bind, Data Ontap Edge, Ubuntu Linux and 6 more 2019-06-10 5.0
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this...
CVE-2019-6454 7 Freedesktop, Netapp, Canonical and 4 more 12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more 2019-06-04 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can...
CVE-2018-18356 5 Google, Debian, Redhat and 2 more 10 Chrome, Debian Linux, Enterprise Linux Desktop and 7 more 2019-06-03 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-6662 5 Mariadb, Percona, Oracle and 2 more 14 Mariadb, Mysql, Percona Server and 11 more 2019-06-03 10.0
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow...
CVE-2018-16865 5 Freedesktop, Canonical, Debian and 2 more 13 Systemd, Ubuntu Linux, Debian Linux and 10 more 2019-06-03 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...
CVE-2015-0192 3 Ibm, Redhat, Suse 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-06-03 7.5
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.