Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server Tus
Total 760 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1833 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-3196 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 4.3 MEDIUM N/A
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
CVE-2016-3718 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2014-2438 3 Mariadb, Oracle, Redhat 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
CVE-2016-1839 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-8631 5 Debian, Mit, Opensuse and 2 more 11 Debian Linux, Kerberos 5, Leap and 8 more 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
CVE-2016-6662 5 Debian, Mariadb, Oracle and 2 more 12 Debian Linux, Mariadb, Mysql and 9 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2015-2648 6 Canonical, Debian, Mariadb and 3 more 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more 2025-04-12 7.5 HIGH N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-4830 8 Canonical, Debian, Fedoraproject and 5 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-3276 3 Openldap, Oracle, Redhat 9 Openldap, Linux, Enterprise Linux Desktop and 6 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
CVE-2014-1512 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 10.0 HIGH N/A
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 15 Ubuntu Linux, Firefox, Firefox Os and 12 more 2025-04-12 4.3 MEDIUM 8.8 HIGH
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
CVE-2014-0069 3 Linux, Redhat, Suse 9 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more 2025-04-12 7.2 HIGH N/A
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVE-2015-0382 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
CVE-2016-7163 4 Debian, Fedoraproject, Redhat and 1 more 9 Debian Linux, Fedora, Enterprise Linux Desktop and 6 more 2025-04-12 6.8 MEDIUM 7.8 HIGH
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVE-2015-3195 9 Apple, Canonical, Debian and 6 more 25 Mac Os X, Ubuntu Linux, Debian Linux and 22 more 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVE-2014-2419 3 Mariadb, Oracle, Redhat 9 Mariadb, Mysql, Solaris and 6 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVE-2014-3581 4 Apache, Canonical, Oracle and 1 more 9 Http Server, Ubuntu Linux, Enterprise Manager Ops Center and 6 more 2025-04-12 5.0 MEDIUM N/A
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more 2025-04-12 2.1 LOW N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.