Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5235 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more 2024-11-21 4.3 MEDIUM N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
CVE-2015-5234 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more 2024-11-21 6.8 MEDIUM N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-5219 10 Canonical, Debian, Fedoraproject and 7 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2015-5195 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2015-5194 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVE-2015-5165 7 Arista, Debian, Fedoraproject and 4 more 24 Eos, Debian Linux, Fedora and 21 more 2024-11-21 9.3 HIGH N/A
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5160 2 Libvirt, Redhat 10 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 2.1 LOW 5.5 MEDIUM
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
CVE-2015-5157 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2024-11-21 7.2 HIGH N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2015-5123 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2015-5119 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVE-2015-5006 3 Ibm, Redhat, Suse 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more 2024-11-21 2.1 LOW N/A
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
CVE-2015-4913 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
CVE-2015-4902 4 Opensuse, Oracle, Redhat and 1 more 21 Leap, Opensuse, Jdk and 18 more 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVE-2015-4879 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-11-21 4.6 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
CVE-2015-4870 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
CVE-2015-4864 4 Canonical, Mariadb, Oracle and 1 more 10 Ubuntu Linux, Mariadb, Mysql and 7 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-4861 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-4858 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.