Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Eus Subscriptions
Total 785 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-5119 7 Adobe, Apple, Linux and 4 more 15 Flash Player, Mac Os X, Linux Kernel and 12 more 2025-07-30 9.8 Critical
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-2590 6 Canonical, Debian, Opensuse and 3 more 25 Ubuntu Linux, Debian Linux, Opensuse and 22 more 2025-07-30 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2025-07-30 7.8 High
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVE-2015-4902 4 Opensuse, Oracle, Redhat and 1 more 24 Leap, Opensuse, Jdk and 21 more 2025-07-30 5.3 Medium
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVE-2016-1646 6 Canonical, Debian, Google and 3 more 11 Ubuntu Linux, Debian Linux, Chrome and 8 more 2025-07-30 8.8 High
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 42 Cassandra, Ubuntu Linux, Debian Linux and 39 more 2025-07-30 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-3715 6 Canonical, Imagemagick, Opensuse and 3 more 31 Ubuntu Linux, Imagemagick, Leap and 28 more 2025-07-30 5.5 Medium
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3718 6 Canonical, Imagemagick, Opensuse and 3 more 31 Ubuntu Linux, Imagemagick, Leap and 28 more 2025-07-30 5.5 Medium
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-5195 7 Canonical, Debian, Fedoraproject and 4 more 24 Ubuntu Linux, Debian Linux, Fedora and 21 more 2025-07-30 7 High
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVE-2017-8291 3 Artifex, Debian, Redhat 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more 2025-07-30 7.8 High
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2017-12615 4 Apache, Microsoft, Netapp and 1 more 24 Tomcat, Windows, 7-mode Transition Tool and 21 more 2025-07-30 8.1 High
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 60 Tomcat, Ubuntu Linux, Debian Linux and 57 more 2025-07-30 8.1 High
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2019-0211 8 Apache, Canonical, Debian and 5 more 28 Http Server, Ubuntu Linux, Debian Linux and 25 more 2025-07-30 7.8 High
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2025-07-30 8.7 High
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2021-40438 11 Apache, Broadcom, Debian and 8 more 45 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 42 more 2025-07-30 9 Critical
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 37 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 34 more 2025-07-30 7.8 High
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2019-8720 3 Redhat, Webkitgtk, Wpewebkit 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more 2025-07-30 8.8 High
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
CVE-2023-4911 6 Canonical, Debian, Fedoraproject and 3 more 40 Ubuntu Linux, Debian Linux, Fedora and 37 more 2025-07-30 7.8 High
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVE-2024-12088 8 Almalinux, Archlinux, Gentoo and 5 more 21 Almalinux, Arch Linux, Linux and 18 more 2025-07-29 6.5 Medium
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12087 8 Almalinux, Archlinux, Gentoo and 5 more 20 Almalinux, Arch Linux, Linux and 17 more 2025-07-29 6.5 Medium
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.