Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15687 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3064 | 2 Redhat, Yaml Project | 7 Enterprise Linux, Openshift, Openshift Devspaces and 4 more | 2025-04-14 | 7.5 High |
| Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | ||||
| CVE-2022-3594 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-14 | 5.3 Medium |
| A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | ||||
| CVE-2015-2787 | 4 Apple, Opensuse, Php and 1 more | 11 Mac Os X, Opensuse, Php and 8 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. | ||||
| CVE-2016-3115 | 3 Openbsd, Oracle, Redhat | 3 Openssh, Vm Server, Enterprise Linux | 2025-04-12 | N/A |
| Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | ||||
| CVE-2015-7509 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | ||||
| CVE-2014-3631 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. | ||||
| CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more | 2025-04-12 | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | ||||
| CVE-2015-0254 | 3 Apache, Canonical, Redhat | 5 Standard Taglibs, Ubuntu Linux, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. | ||||
| CVE-2014-8159 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | N/A |
| The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. | ||||
| CVE-2013-6442 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2025-04-12 | N/A |
| The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. | ||||
| CVE-2014-9420 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | N/A |
| The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. | ||||
| CVE-2016-10088 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | 7.0 High |
| The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. | ||||
| CVE-2014-1581 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | ||||
| CVE-2014-3645 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-04-12 | N/A |
| arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | ||||
| CVE-2015-0807 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | ||||
| CVE-2016-0639 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. | ||||
| CVE-2015-0822 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | ||||
| CVE-2014-1583 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. | ||||
| CVE-2014-3513 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Storage | 2025-04-12 | N/A |
| Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. | ||||
| CVE-2016-9536 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-04-12 | N/A |
| tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." | ||||