Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1843 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18445 3 Canonical, Linux, Redhat 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 5 more 2023-01-17 7.2 HIGH 7.8 HIGH
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
CVE-2017-1000111 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2023-01-17 7.2 HIGH 7.8 HIGH
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
CVE-2018-20097 4 Debian, Exiv2, Fedoraproject and 1 more 6 Debian Linux, Exiv2, Fedora and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2018-19108 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
CVE-2018-19535 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
CVE-2018-17581 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
CVE-2018-8976 3 Debian, Exiv2, Redhat 5 Debian Linux, Exiv2, Enterprise Linux Desktop and 2 more 2023-01-13 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more 2022-12-28 7.8 HIGH 7.5 HIGH
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2013-1620 4 Canonical, Mozilla, Oracle and 1 more 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more 2022-12-21 4.3 MEDIUM N/A
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-0791 4 Canonical, Mozilla, Oracle and 1 more 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more 2022-12-21 5.0 MEDIUM N/A
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2013-5829 3 Canonical, Oracle, Redhat 8 Ubuntu Linux, Jdk, Jre and 5 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.
CVE-2013-5830 3 Canonical, Oracle, Redhat 9 Ubuntu Linux, Jdk, Jre and 6 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2013-5842 3 Canonical, Oracle, Redhat 8 Ubuntu Linux, Jdk, Jre and 5 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
CVE-2012-4681 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux Desktop and 3 more 2022-12-21 10.0 HIGH N/A
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
CVE-2013-5843 2 Oracle, Redhat 8 Javafx, Jdk, Jre and 5 more 2022-12-21 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2012-1717 5 Linux, Oracle, Redhat and 2 more 19 Linux Kernel, Jdk, Jre and 16 more 2022-12-13 2.1 LOW N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
CVE-2017-15906 5 Debian, Netapp, Openbsd and 2 more 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more 2022-12-13 5.0 MEDIUM 5.3 MEDIUM
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2015-3196 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2022-12-13 4.3 MEDIUM N/A
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
CVE-2016-1908 4 Debian, Openbsd, Oracle and 1 more 9 Debian Linux, Openssh, Linux and 6 more 2022-12-13 7.5 HIGH 9.8 CRITICAL
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
CVE-2016-2106 2 Openssl, Redhat 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2022-12-13 5.0 MEDIUM 7.5 HIGH
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.