Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Server Tus Subscribe


220 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-07-20 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2018-18311 7 Perl, Canonical, Debian and 4 more 17 Perl, Ubuntu Linux, Debian Linux and 14 more 2019-07-16 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2014-8567 2 Uninett, Redhat 7 Mod Auth Mellon, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-07-09 9.4
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
CVE-2014-3675 2 Shim, Redhat 9 Shim, Shim, Enterprise Linux Desktop and 6 more 2019-07-08 5.0
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2017-10978 3 Freeradius, Debian, Redhat 8 Freeradius, Debian Linux, Enterprise Linux Desktop and 5 more 2019-07-03 5.0
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
CVE-2018-5390 7 Cisco, F5, Redhat and 4 more 36 Collaboration Meeting Rooms, Digital Network Architecture Center, Expressway and 33 more 2019-06-28 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2018-7566 6 Suse, Linux, Canonical and 3 more 12 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server and 9 more 2019-06-17 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2015-3195 6 Openssl, Apple, Oracle and 3 more 16 Sun Ray Software, Openssl, Transportation Management and 13 more 2019-06-14 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers...
CVE-2015-3196 7 Hp, Openssl, Oracle and 4 more 13 Icewall Sso, Icewall Sso Agent Option, Vm Virtualbox and 10 more 2019-06-13 4.3
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of...
CVE-2015-2582 4 Debian, Oracle, Canonical and 1 more 10 Debian Linux, Ubuntu Linux, Solaris and 7 more 2019-06-13 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-06-13 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2018-11784 6 Apache, Netapp, Canonical and 3 more 15 Tomcat, Snap Creator Framework, Ubuntu Linux and 12 more 2019-06-11 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...
CVE-2019-6454 7 Freedesktop, Netapp, Canonical and 4 more 12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more 2019-06-04 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can...
CVE-2018-18356 5 Google, Debian, Redhat and 2 more 10 Chrome, Debian Linux, Enterprise Linux Desktop and 7 more 2019-06-03 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-6662 5 Mariadb, Percona, Oracle and 2 more 14 Mariadb, Mysql, Percona Server and 11 more 2019-06-03 10.0
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow...
CVE-2018-16865 5 Freedesktop, Canonical, Debian and 2 more 13 Systemd, Ubuntu Linux, Debian Linux and 10 more 2019-06-03 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-06-03 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2019-6133 4 Polkit Project, Debian, Redhat and 1 more 9 Polkit, Debian Linux, Enterprise Linux Desktop and 6 more 2019-05-28 4.4
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in...