Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Mission Critical
Subscriptions
Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0060 | 2 Redhat, Rpm | 5 Enterprise Linux, Rhel Els, Rhel Eus and 2 more | 2025-04-11 | N/A |
| RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. | ||||
| CVE-2011-4862 | 9 Debian, Fedoraproject, Freebsd and 6 more | 14 Debian Linux, Fedora, Freebsd and 11 more | 2025-04-11 | N/A |
| Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | ||||
| CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2025-04-11 | 9.8 Critical |
| sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | ||||
| CVE-2012-2110 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 5 more | 2025-04-11 | N/A |
| The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||||
| CVE-2011-3209 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | N/A |
| The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. | ||||
| CVE-2011-3378 | 2 Redhat, Rpm | 5 Enterprise Linux, Rhel Els, Rhel Eus and 2 more | 2025-04-11 | N/A |
| RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. | ||||
| CVE-2013-6420 | 4 Apple, Opensuse, Php and 1 more | 8 Mac Os X, Opensuse, Php and 5 more | 2025-04-11 | N/A |
| The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | ||||
| CVE-2013-5605 | 2 Mozilla, Redhat | 4 Network Security Services, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | N/A |
| Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | ||||
| CVE-2013-4113 | 2 Php, Redhat | 5 Php, Enterprise Linux, Rhel Els and 2 more | 2025-04-11 | N/A |
| ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | ||||
| CVE-2009-0689 | 6 Freebsd, K-meleon Project, Mozilla and 3 more | 9 Freebsd, K-meleon, Firefox and 6 more | 2025-04-09 | N/A |
| Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2025-01-14 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2017-5754 | 3 Arm, Intel, Redhat | 218 Cortex-a, Atom C, Atom E and 215 more | 2024-11-21 | N/A |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | ||||
| CVE-2017-3139 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Server Aus, Enterprise Linux Server Eus and 5 more | 2024-11-21 | 7.5 High |
| A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. | ||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 16 Debian Linux, Bind, Data Ontap Edge and 13 more | 2024-11-21 | N/A |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | ||||
| CVE-2017-2634 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. | ||||