Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Desktop
Subscriptions
Total
1947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5234 | 3 Fedoraproject, Opensuse, Redhat | 8 Fedora, Opensuse, Enterprise Linux and 5 more | 2025-04-12 | N/A |
| IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. | ||||
| CVE-2016-7865 | 6 Adobe, Apple, Google and 3 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2015-1863 | 5 Canonical, Debian, Opensuse and 2 more | 11 Ubuntu Linux, Debian Linux, Opensuse and 8 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | ||||
| CVE-2014-0384 | 3 Mariadb, Oracle, Redhat | 10 Mariadb, Mysql, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML. | ||||
| CVE-2015-5261 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. | ||||
| CVE-2016-1683 | 7 Canonical, Debian, Google and 4 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2025-04-12 | N/A |
| numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 10 Subversion, Xcode, Opensuse and 7 more | 2025-04-12 | N/A |
| The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | ||||
| CVE-2016-7857 | 6 Adobe, Apple, Google and 3 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2015-5235 | 3 Fedoraproject, Opensuse, Redhat | 8 Fedora, Opensuse, Enterprise Linux and 5 more | 2025-04-12 | N/A |
| IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | ||||
| CVE-2015-7512 | 4 Debian, Oracle, Qemu and 1 more | 10 Debian Linux, Linux, Qemu and 7 more | 2025-04-12 | 9.0 Critical |
| Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | ||||
| CVE-2015-8631 | 5 Debian, Mit, Opensuse and 2 more | 12 Debian Linux, Kerberos 5, Leap and 9 more | 2025-04-12 | 6.5 Medium |
| Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. | ||||
| CVE-2016-1688 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2025-04-12 | N/A |
| The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. | ||||
| CVE-2016-2107 | 8 Canonical, Debian, Google and 5 more | 18 Ubuntu Linux, Debian Linux, Android and 15 more | 2025-04-12 | 5.9 Medium |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | ||||
| CVE-2016-7863 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2015-3247 | 2 Redhat, Spice Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2025-04-12 | N/A |
| Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. | ||||
| CVE-2016-7860 | 6 Adobe, Apple, Google and 3 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2016-8864 | 4 Debian, Isc, Netapp and 1 more | 16 Debian Linux, Bind, Data Ontap Edge and 13 more | 2025-04-12 | 7.5 High |
| named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | ||||
| CVE-2015-3281 | 6 Canonical, Debian, Haproxy and 3 more | 14 Ubuntu Linux, Debian Linux, Haproxy and 11 more | 2025-04-12 | N/A |
| The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. | ||||
| CVE-2014-0101 | 4 Canonical, F5, Linux and 1 more | 30 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 27 more | 2025-04-12 | N/A |
| The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. | ||||
| CVE-2016-5444 | 4 Ibm, Mariadb, Oracle and 1 more | 12 Powerkvm, Mariadb, Linux and 9 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | ||||