Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Enterprise Linux

678 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2015-1779 | 6 Canonical, Redhat, Qemu and 3 more | 7 Ubuntu Linux, Qemu, Debian Linux and 4 more | 2017-07-01 | 7.8
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2013-4332 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2017-07-01 | 4.3
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3)...
CVE-2017-9953 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2017-06-30 | 5.0
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Enterprise Linux, Fedora, Pcs | 2017-04-27 | 4.3
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Enterprise Linux, Fedora, Pcs | 2017-04-27 | 6.8
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2016-1000033 | 2 Shotwell Project, Redhat | 2 Enterprise Linux, Shotwell | 2017-02-19 | 4.3
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
CVE-2015-4910 | 2 Oracle, Redhat | 2 Enterprise Linux, Mysql | 2016-12-24 | 2.1
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
CVE-2015-4890 | 2 Oracle, Redhat | 2 Enterprise Linux, Mysql | 2016-12-24 | 3.5
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
CVE-2015-4862 | 2 Oracle, Redhat | 2 Enterprise Linux, Mysql | 2016-12-24 | 4.0
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-4800 | 2 Oracle, Redhat | 2 Enterprise Linux, Mysql | 2016-12-24 | 4.0
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-2775 | 4 Redhat, Debian, Canonical and 1 more | 4 Debian Linux, Ubuntu Linux, Mailman and 1 more | 2016-12-24 | 7.6
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux Server, Enterprise Linux Desktop, Enterprise Linux and 2 more | 2016-12-23 | 4.9
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a...
CVE-2014-3660 | 5 Canonical, Apple, Debian and 2 more | 5 Libxml2, Mac Os X, Ubuntu Linux and 2 more | 2016-12-08 | 5.0
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document...
CVE-2012-2697 | 1 Redhat | 1 Enterprise Linux | 2016-12-08 | 4.9
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an...
CVE-2012-0867 | 4 Opensuse Project, Postgresql, Debian and 1 more | 11 Postgresql, Debian Linux, Enterprise Linux Desktop and 8 more | 2016-12-07 | 4.3
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2015-5281 | 1 Redhat | 1 Enterprise Linux | 2016-12-07 | 2.6
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module...
CVE-2015-5229 | 1 Redhat | 8 Enterprise Linux Desktop, Enterprise Linux, Enterprise Linux Server Aus and 5 more | 2016-11-28 | 5.0
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2013-4248 | 3 Php, Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Php | 2016-11-28 | 4.3
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...
CVE-2012-3440 | 2 Todd Miller, Redhat | 2 Sudo, Enterprise Linux | 2016-11-28 | 5.6
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2010-2598 | 1 Redhat | 1 Enterprise Linux | 2016-11-08 | 4.3
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service...