Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server Tus
Total 626 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0797 6 Debian, Gstreamer Project, Linux and 3 more 15 Debian Linux, Gstreamer, Linux Kernel and 12 more 2025-04-12 6.8 MEDIUM N/A
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
CVE-2014-6568 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
CVE-2015-4792 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 1.7 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
CVE-2014-1518 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-9585 7 Canonical, Debian, Fedoraproject and 4 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2025-04-12 2.1 LOW N/A
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
CVE-2014-1531 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.
CVE-2014-8964 6 Fedoraproject, Mariadb, Opensuse and 3 more 11 Fedora, Mariadb, Opensuse and 8 more 2025-04-12 5.0 MEDIUM N/A
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
CVE-2015-8629 5 Debian, Mit, Opensuse and 2 more 12 Debian Linux, Kerberos 5, Leap and 9 more 2025-04-12 2.1 LOW 5.3 MEDIUM
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
CVE-2014-9529 6 Canonical, Debian, Fedoraproject and 3 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 6.9 MEDIUM N/A
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
CVE-2016-3492 3 Mariadb, Oracle, Redhat 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more 2025-04-12 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2014-0101 4 Canonical, F5, Linux and 1 more 27 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 24 more 2025-04-12 7.8 HIGH N/A
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
CVE-2014-1513 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 9.3 HIGH 8.8 HIGH
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.
CVE-2015-4802 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2014-5045 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux Eus, Enterprise Linux Server Aus and 1 more 2025-04-12 6.2 MEDIUM N/A
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
CVE-2015-4816 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-0381 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
CVE-2016-1833 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-2582 5 Canonical, Debian, Mariadb and 2 more 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2015-2571 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.