Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

678 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-15128 2 Redhat, Linux 3 Enterprise Mrg, Linux Kernel, Enterprise Linux 2019-10-09 4.9
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVE-2017-15118 3 Qemu, Canonical, Redhat 3 Qemu, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds...
CVE-2017-15104 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2019-10-09 2.1
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
CVE-2017-15103 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2019-10-09 9.0
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi...
CVE-2017-12197 3 Libpam4j Project, Debian, Redhat 3 Libpam4j, Debian Linux, Enterprise Linux 2019-10-09 4.0
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
CVE-2017-12189 1 Redhat 2 Jboss Enterprise Application Platform, Enterprise Linux 2019-10-09 4.6
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
CVE-2017-12171 2 Apache, Redhat 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2019-10-09 6.4
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a...
CVE-2017-12151 4 Hp, Samba, Debian and 1 more 8 Cifs Server, Samba, Debian Linux and 5 more 2019-10-09 5.8
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an...
CVE-2016-9583 3 Jasper Project, Redhat, Oracle 9 Jasper, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 6.8
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-8612 3 Apache, Redhat, Netapp 3 Http Server, Enterprise Linux, Storage Automation Store 2019-10-09 3.3
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2016-7056 4 Openssl, Canonical, Debian and 1 more 4 Openssl, Ubuntu Linux, Debian Linux and 1 more 2019-10-09 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2014-3566 11 Openssl, Apple, Redhat and 8 more 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more 2019-10-09 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-0224 5 Openssl, Fedoraproject, Novell and 2 more 9 Openssl, Enterprise Linux, Fedora and 6 more 2019-10-09 5.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain...
CVE-2017-15121 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-10-09 4.9
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2004-0957 7 Ubuntu, Redhat, Mysql and 4 more 8 Enterprise Linux Desktop, Enterprise Linux, Openpkg and 5 more 2019-10-07 6.8
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct...
CVE-2018-10927 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-16838 2 Fedoraproject, Redhat 3 Sssd, Enterprise Linux, Virtualization 2019-10-03 5.5
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-11235 5 Git-scm, Gitforwindows, Canonical and 2 more 9 Git, Git, Ubuntu Linux and 6 more 2019-10-03 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine...
CVE-2018-5117 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-10-03 5.0
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can...
CVE-2018-16396 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-10-03 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.