Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4836 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 2.8 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVE-2015-4830 8 Canonical, Debian, Fedoraproject and 5 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-4826 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
CVE-2015-4819 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 7.2 HIGH N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
CVE-2015-4816 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-4815 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
CVE-2015-4802 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
CVE-2015-4792 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 1.7 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
CVE-2015-4757 6 Canonical, Debian, Mariadb and 3 more 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-4752 6 Canonical, Debian, Mariadb and 3 more 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
CVE-2015-4643 4 Debian, Oracle, Php and 1 more 9 Debian Linux, Linux, Php and 6 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
CVE-2015-4605 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVE-2015-4604 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVE-2015-4603 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4602 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4601 2 Php, Redhat 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
CVE-2015-4600 2 Php, Redhat 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
CVE-2015-4599 2 Php, Redhat 7 Php, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4598 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 7.5 HIGH 6.5 MEDIUM
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 15 Ubuntu Linux, Firefox, Firefox Os and 12 more 2024-11-21 4.3 MEDIUM 8.8 HIGH
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.