Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7091 1 Redhat 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more 2016-12-23 4.9 MEDIUM 4.4 MEDIUM
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
CVE-2016-7065 1 Redhat 1 Jboss Enterprise Application Platform 2016-12-22 6.5 MEDIUM 8.8 HIGH
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
CVE-2015-1214 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.
CVE-2015-1230 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers "type confusion."
CVE-2015-1231 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1217 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2015-1229 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 5.0 MEDIUM N/A
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
CVE-2015-1218 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.
CVE-2015-1216 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.
CVE-2015-1215 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
CVE-2015-1220 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 6.8 MEDIUM N/A
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.
CVE-2015-1228 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.
CVE-2015-1219 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.
CVE-2014-8241 2 Redhat, Tigervnc 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more 2016-12-19 7.5 HIGH 9.8 CRITICAL
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
CVE-2014-3660 5 Apple, Canonical, Debian and 2 more 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more 2016-12-07 5.0 MEDIUM N/A
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
CVE-2012-2697 1 Redhat 1 Enterprise Linux 2016-12-07 4.9 MEDIUM N/A
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map."
CVE-2004-1013 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more 6 Cyrus Imap Server, Linux, Openpkg and 3 more 2016-12-07 10.0 HIGH N/A
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more 2016-12-07 5.0 MEDIUM N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2012-0867 4 Debian, Opensuse Project, Postgresql and 1 more 11 Debian Linux, Opensuse, Postgresql and 8 more 2016-12-07 4.3 MEDIUM N/A
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2016-2051 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more 2016-12-07 6.8 MEDIUM 9.8 CRITICAL
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.