Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Workstation
Total 1730 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9750 4 Debian, Ntp, Oracle and 1 more 6 Debian Linux, Ntp, Linux and 3 more 2025-04-12 5.8 MEDIUM N/A
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2014-1523 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.
CVE-2015-4604 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVE-2016-0596 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-8241 5 Canonical, Debian, Hp and 2 more 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more 2025-04-12 6.4 MEDIUM N/A
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2016-1702 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
CVE-2015-5261 4 Canonical, Debian, Redhat and 1 more 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more 2025-04-12 3.6 LOW 7.1 HIGH
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
CVE-2015-4815 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
CVE-2015-4602 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4643 4 Debian, Oracle, Php and 1 more 9 Debian Linux, Linux, Php and 6 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
CVE-2016-4578 5 Canonical, Debian, Linux and 2 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2025-04-12 2.1 LOW 5.5 MEDIUM
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 2.1 LOW 6.5 MEDIUM
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2014-9751 6 Apple, Debian, Linux and 3 more 8 Macos, Debian Linux, Linux Kernel and 5 more 2025-04-12 6.8 MEDIUM N/A
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVE-2015-3195 9 Apple, Canonical, Debian and 6 more 25 Mac Os X, Ubuntu Linux, Debian Linux and 22 more 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVE-2015-4858 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
CVE-2014-7145 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2025-04-12 7.8 HIGH N/A
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.
CVE-2016-3718 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3717 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2025-04-12 7.1 HIGH 5.5 MEDIUM
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.