Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Eus
Subscriptions
Total
778 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 40 Ubuntu Linux, Debian Linux, Fedora and 37 more | 2025-05-06 | 7.8 High |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | ||||
| CVE-2019-15606 | 5 Debian, Nodejs, Opensuse and 2 more | 9 Debian Linux, Node.js, Leap and 6 more | 2025-04-30 | 9.8 Critical |
| Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | ||||
| CVE-2019-15605 | 6 Debian, Fedoraproject, Nodejs and 3 more | 16 Debian Linux, Fedora, Node.js and 13 more | 2025-04-30 | 9.8 Critical |
| HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | ||||
| CVE-2019-15604 | 5 Debian, Nodejs, Opensuse and 2 more | 12 Debian Linux, Node.js, Leap and 9 more | 2025-04-30 | 7.5 High |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | ||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 23 Fedora, Glibc, Active Iq Unified Manager and 20 more | 2025-04-30 | 5.9 Medium |
| A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | ||||
| CVE-2023-4806 | 3 Fedoraproject, Gnu, Redhat | 24 Fedora, Glibc, Codeready Linux Builder Eus and 21 more | 2025-04-30 | 5.9 Medium |
| A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | ||||
| CVE-2019-14865 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-04-29 | 5.9 Medium |
| A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. | ||||
| CVE-2024-6387 | 9 Amazon, Canonical, Debian and 6 more | 24 Linux 2023, Ubuntu Linux, Debian Linux and 21 more | 2025-04-24 | 8.1 High |
| A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | ||||
| CVE-2023-6535 | 2 Linux, Redhat | 19 Linux Kernel, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 16 more | 2025-04-24 | 6.5 Medium |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | ||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2025-04-23 | 8.8 High |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | ||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 15 Flash Player, Mac Os X, Linux Kernel and 12 more | 2025-04-21 | 9.8 Critical |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | ||||
| CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 22 Iphone Os, Mac Os X, Tvos and 19 more | 2025-04-20 | 8.8 High |
| The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | ||||
| CVE-2017-10053 | 5 Debian, Netapp, Oracle and 2 more | 32 Debian Linux, Active Iq Unified Manager, Cloud Backup and 29 more | 2025-04-20 | 5.3 Medium |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 27 Iphone Os, Mac Os X, Tvos and 24 more | 2025-04-20 | 9.8 Critical |
| The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | ||||
| CVE-2016-9840 | 9 Apple, Boost, Canonical and 6 more | 23 Iphone Os, Mac Os X, Tvos and 20 more | 2025-04-20 | 8.8 High |
| inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||||
| CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 10 Debian Linux, Fedora, Gstreamer and 7 more | 2025-04-20 | 4.7 Medium |
| The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | ||||
| CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 42 Iphone Os, Mac Os X, Tvos and 39 more | 2025-04-20 | 9.8 Critical |
| inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||||
| CVE-2017-10067 | 4 Debian, Netapp, Oracle and 1 more | 30 Debian Linux, Active Iq Unified Manager, Cloud Backup and 27 more | 2025-04-20 | 7.5 High |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 14 Debian Linux, Bind, Data Ontap Edge and 11 more | 2025-04-20 | 7.5 High |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | ||||
| CVE-2016-6797 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2025-04-20 | 7.5 High |
| The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. | ||||