Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Workstation Subscriptions
Total 1850 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8242 5 Apple, Canonical, Hp and 2 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 N/A
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-4861 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-5277 3 Canonical, Gnu, Redhat 8 Ubuntu Linux, Glibc, Enterprise Linux and 5 more 2025-04-12 N/A
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVE-2015-5287 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
CVE-2015-8327 4 Canonical, Debian, Linuxfoundation and 1 more 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more 2025-04-12 N/A
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
CVE-2015-8629 5 Debian, Mit, Opensuse and 2 more 13 Debian Linux, Kerberos 5, Leap and 10 more 2025-04-12 5.3 Medium
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
CVE-2015-8317 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-5273 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVE-2014-3528 5 Apache, Apple, Canonical and 2 more 10 Subversion, Xcode, Ubuntu Linux and 7 more 2025-04-12 N/A
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
CVE-2015-4142 3 Opensuse, Redhat, W1.fi 8 Opensuse, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-12 N/A
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2025-04-12 7.8 High
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVE-2015-8651 9 Adobe, Apple, Google and 6 more 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more 2025-04-12 8.8 High
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-4858 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
CVE-2014-2436 3 Mariadb, Oracle, Redhat 11 Mariadb, Mysql, Solaris and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
CVE-2015-4752 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
CVE-2015-4757 6 Canonical, Debian, Mariadb and 3 more 13 Ubuntu Linux, Debian Linux, Mariadb and 10 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-7981 4 Canonical, Debian, Libpng and 1 more 13 Ubuntu Linux, Debian Linux, Libpng and 10 more 2025-04-12 N/A
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
CVE-2015-4022 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
CVE-2015-4603 2 Php, Redhat 9 Php, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4026 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.