Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Desktop
Total 1884 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10535 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3 MEDIUM 5.5 MEDIUM
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
CVE-2018-10534 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3 MEDIUM 5.5 MEDIUM
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
CVE-2018-1126 5 Canonical, Debian, Procps-ng Project and 2 more 10 Ubuntu Linux, Debian Linux, Procps-ng and 7 more 2019-07-30 7.5 HIGH 9.8 CRITICAL
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-1000156 4 Canonical, Debian, Gnu and 1 more 9 Ubuntu Linux, Debian Linux, Patch and 6 more 2019-07-30 6.8 MEDIUM 7.8 HIGH
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
CVE-2018-10194 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-07-24 6.8 MEDIUM 7.8 HIGH
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2018-1000121 5 Canonical, Debian, Haxx and 2 more 9 Ubuntu Linux, Debian Linux, Curl and 6 more 2019-07-23 5.0 MEDIUM 7.5 HIGH
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2014-8567 2 Redhat, Uninett 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more 2019-07-09 9.4 HIGH N/A
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
CVE-2017-10978 3 Debian, Freeradius, Redhat 8 Debian Linux, Freeradius, Enterprise Linux Desktop and 5 more 2019-07-03 5.0 MEDIUM 7.5 HIGH
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
CVE-2018-10858 4 Canonical, Debian, Redhat and 1 more 8 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 5 more 2019-06-26 6.5 MEDIUM 8.8 HIGH
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
CVE-2016-0376 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2019-06-24 5.1 MEDIUM 8.1 HIGH
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
CVE-2016-0363 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2019-06-24 6.8 MEDIUM 8.1 HIGH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2015-5006 3 Ibm, Redhat, Suse 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more 2019-06-19 2.1 LOW N/A
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
CVE-2018-1000120 5 Canonical, Debian, Haxx and 2 more 9 Ubuntu Linux, Debian Linux, Curl and 6 more 2019-06-18 7.5 HIGH 9.8 CRITICAL
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2015-0192 3 Ibm, Redhat, Suse 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-06-03 7.5 HIGH N/A
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2019-7837 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-05-23 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-4286 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-05-16 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
CVE-2016-7855 6 Adobe, Apple, Google and 3 more 12 Flash Player, Mac Os X, Chrome Os and 9 more 2019-05-16 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
CVE-2016-7857 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-16 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7859 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-16 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-12547 2 Eclipse, Redhat 5 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-05-16 7.5 HIGH 9.8 CRITICAL
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.