Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15513 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7294 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | 7.8 High |
| The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | ||||
| CVE-2016-9392 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||||
| CVE-2016-9394 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||||
| CVE-2015-1795 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Storage | 2025-04-20 | N/A |
| Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | ||||
| CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2025-04-20 | N/A |
| Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | ||||
| CVE-2017-5551 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | N/A |
| The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. | ||||
| CVE-2016-9813 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2025-04-20 | N/A |
| The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | ||||
| CVE-2017-7645 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-20 | 7.5 High |
| The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | ||||
| CVE-2017-7555 | 2 Augeas, Redhat | 5 Augeas, Enterprise Linux, Rhel Aus and 2 more | 2025-04-20 | N/A |
| Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | ||||
| CVE-2017-7207 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2025-04-20 | N/A |
| The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | ||||
| CVE-2017-7551 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-20 | N/A |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | ||||
| CVE-2017-7187 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. | ||||
| CVE-2016-7543 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Bash, Enterprise Linux | 2025-04-20 | N/A |
| Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | ||||
| CVE-2017-7546 | 3 Debian, Postgresql, Redhat | 4 Debian Linux, Postgresql, Enterprise Linux and 1 more | 2025-04-20 | N/A |
| PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | ||||
| CVE-2017-7542 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | N/A |
| The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | ||||
| CVE-2017-7541 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. | ||||
| CVE-2017-5647 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-20 | N/A |
| A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. | ||||
| CVE-2017-5648 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-20 | N/A |
| While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | ||||
| CVE-2017-10978 | 3 Debian, Freeradius, Redhat | 9 Debian Linux, Freeradius, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | ||||
| CVE-2017-10981 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-20 | N/A |
| An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | ||||