Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Workstation
Total 1730 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4148 3 Apple, Php, Redhat 8 Mac Os X, Php, Enterprise Linux Desktop and 5 more 2025-04-12 5.0 MEDIUM N/A
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
CVE-2016-1839 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-4133 8 Adobe, Apple, Google and 5 more 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-7859 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2025-04-12 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2014-8169 3 Automount Project, Opensuse, Redhat 6 Automount, Opensuse, Enterprise Linux Desktop and 3 more 2025-04-12 4.4 MEDIUM N/A
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVE-2016-4125 8 Adobe, Apple, Google and 5 more 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-3698 4 Canonical, Debian, Libndp and 1 more 10 Ubuntu Linux, Debian Linux, Libndp and 7 more 2025-04-12 6.8 MEDIUM 8.1 HIGH
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
CVE-2015-1212 7 Apple, Canonical, Google and 4 more 11 Macos, Ubuntu Linux, Chrome and 8 more 2025-04-12 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-2775 4 Fedoraproject, Hp, Isc and 1 more 9 Fedora, Hp-ux, Bind and 6 more 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-3710 7 Canonical, Citrix, Debian and 4 more 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more 2025-04-12 7.2 HIGH 8.8 HIGH
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4302 2 Libarchive, Redhat 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-12 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more 2025-04-12 5.0 MEDIUM N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2014-1532 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
CVE-2016-1837 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-4151 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-0363 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2025-04-12 6.8 MEDIUM 8.1 HIGH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2016-7861 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2025-04-12 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2015-0441 6 Canonical, Debian, Mariadb and 3 more 13 Ubuntu Linux, Debian Linux, Mariadb and 10 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
CVE-2016-0636 2 Oracle, Redhat 7 Jdk, Jre, Enterprise Linux Desktop and 4 more 2025-04-12 9.3 HIGH 8.1 HIGH
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
CVE-2016-1701 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.