Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15695 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1097 | 2 Redhat, Samba | 2 Enterprise Linux, Rsync | 2025-04-11 | N/A |
| rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. | ||||
| CVE-2011-1094 | 1 Redhat | 2 Enterprise Linux, Kdelibs | 2025-04-11 | N/A |
| kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | ||||
| CVE-2011-1090 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. | ||||
| CVE-2011-1089 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-11 | N/A |
| The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | ||||
| CVE-2013-4353 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Rhev Manager | 2025-04-11 | N/A |
| The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. | ||||
| CVE-2010-4167 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-11 | N/A |
| Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. | ||||
| CVE-2013-4248 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Enterprise Linux | 2025-04-11 | N/A |
| The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2010-4165 | 4 Linux, Opensuse, Redhat and 1 more | 7 Linux Kernel, Opensuse, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. | ||||
| CVE-2011-1082 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. | ||||
| CVE-2010-4163 | 4 Linux, Opensuse, Redhat and 1 more | 7 Linux Kernel, Opensuse, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. | ||||
| CVE-2010-4162 | 5 Fedoraproject, Linux, Opensuse and 2 more | 9 Fedora, Linux Kernel, Opensuse and 6 more | 2025-04-11 | N/A |
| Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. | ||||
| CVE-2010-4161 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. | ||||
| CVE-2010-4157 | 5 Fedoraproject, Linux, Opensuse and 2 more | 9 Fedora, Linux Kernel, Opensuse and 6 more | 2025-04-11 | N/A |
| Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. | ||||
| CVE-2010-4156 | 3 Php, Redhat, Scottmac | 3 Php, Enterprise Linux, Libmbfl | 2025-04-11 | N/A |
| The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | ||||
| CVE-2011-1081 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2025-04-11 | N/A |
| modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. | ||||
| CVE-2011-1080 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. | ||||
| CVE-2013-1986 | 2 Redhat, X | 2 Enterprise Linux, Libxrandr | 2025-04-11 | N/A |
| Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. | ||||
| CVE-2012-5615 | 3 Mariadb, Oracle, Redhat | 5 Mariadb, Mysql, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2012-2687 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. | ||||
| CVE-2012-2386 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. | ||||