Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Eus
Total 767 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0374 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
CVE-2014-9585 7 Canonical, Debian, Fedoraproject and 4 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2024-11-21 2.1 LOW N/A
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more 2024-11-21 2.1 LOW N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
CVE-2014-9322 6 Canonical, Google, Linux and 3 more 6 Ubuntu Linux, Android, Linux Kernel and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
CVE-2014-8964 6 Fedoraproject, Mariadb, Opensuse and 3 more 11 Fedora, Mariadb, Opensuse and 8 more 2024-11-21 5.0 MEDIUM N/A
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
CVE-2014-7840 2 Qemu, Redhat 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 7.5 HIGH N/A
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2014-7815 5 Canonical, Debian, Qemu and 2 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2024-11-21 5.0 MEDIUM N/A
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 85 Mac Os X, Eos, Ubuntu Linux and 82 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2014-6568 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
CVE-2014-6271 17 Apple, Arista, Canonical and 14 more 85 Mac Os X, Eos, Ubuntu Linux and 82 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2014-5353 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-11-21 3.5 LOW N/A
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2014-5077 4 Canonical, Linux, Redhat and 1 more 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more 2024-11-21 7.1 HIGH N/A
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
CVE-2014-5045 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux Eus, Enterprise Linux Server Aus and 1 more 2024-11-21 6.2 MEDIUM N/A
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
CVE-2014-4656 4 Canonical, Linux, Redhat and 1 more 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more 2024-11-21 4.6 MEDIUM N/A
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
CVE-2014-4341 4 Debian, Fedoraproject, Mit and 1 more 10 Debian Linux, Fedora, Kerberos 5 and 7 more 2024-11-21 5.0 MEDIUM N/A
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
CVE-2014-3615 5 Canonical, Debian, Opensuse and 2 more 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more 2024-11-21 2.1 LOW N/A
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-3581 4 Apache, Canonical, Oracle and 1 more 9 Http Server, Ubuntu Linux, Enterprise Manager Ops Center and 6 more 2024-11-21 5.0 MEDIUM N/A
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
CVE-2014-3469 4 Debian, Gnu, Redhat and 1 more 14 Debian Linux, Gnutls, Libtasn1 and 11 more 2024-11-21 5.0 MEDIUM N/A
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
CVE-2014-3468 5 Debian, F5, Gnu and 2 more 16 Debian Linux, Arx, Arx Firmware and 13 more 2024-11-21 7.5 HIGH N/A
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVE-2014-3467 5 Debian, F5, Gnu and 2 more 16 Debian Linux, Arx, Arx Firmware and 13 more 2024-11-21 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.