Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Workstation
Total 1787 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3173 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-01-24 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
CVE-2016-4123 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2023-01-20 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-4154 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2023-01-19 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-4153 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2023-01-19 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 29 Eos, Ubuntu Linux, Debian Linux and 26 more 2023-01-19 10.0 HIGH 9.8 CRITICAL
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2017-1000251 4 Debian, Linux, Nvidia and 1 more 10 Debian Linux, Linux Kernel, Jetson Tk1 and 7 more 2023-01-19 7.7 HIGH 8.0 HIGH
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
CVE-2021-3656 3 Fedoraproject, Linux, Redhat 26 Fedora, Linux Kernel, 3scale Api Management and 23 more 2023-01-19 7.2 HIGH 8.8 HIGH
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
CVE-2014-7145 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2023-01-17 7.8 HIGH N/A
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.
CVE-2018-18445 3 Canonical, Linux, Redhat 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 5 more 2023-01-17 7.2 HIGH 7.8 HIGH
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
CVE-2017-1000111 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2023-01-17 7.2 HIGH 7.8 HIGH
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
CVE-2018-20097 4 Debian, Exiv2, Fedoraproject and 1 more 6 Debian Linux, Exiv2, Fedora and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-19535 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
CVE-2018-19108 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
CVE-2018-17581 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
CVE-2018-8976 3 Debian, Exiv2, Redhat 5 Debian Linux, Exiv2, Enterprise Linux Desktop and 2 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more 2022-12-28 7.8 HIGH 7.5 HIGH
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2013-1620 4 Canonical, Mozilla, Oracle and 1 more 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more 2022-12-21 4.3 MEDIUM N/A
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-0791 4 Canonical, Mozilla, Oracle and 1 more 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more 2022-12-21 5.0 MEDIUM N/A
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2013-5829 3 Canonical, Oracle, Redhat 8 Ubuntu Linux, Jdk, Jre and 5 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.
CVE-2013-5830 3 Canonical, Oracle, Redhat 9 Ubuntu Linux, Jdk, Jre and 6 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.