Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15463 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||
| CVE-2016-10745 | 2 Palletsprojects, Redhat | 9 Jinja, Enterprise Linux, Rhel Aus and 6 more | 2024-11-21 | N/A |
| In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | ||||
| CVE-2016-10741 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | ||||
| CVE-2016-10739 | 3 Gnu, Opensuse, Redhat | 4 Glibc, Leap, Ansible Tower and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | ||||
| CVE-2016-10735 | 2 Getbootstrap, Redhat | 9 Bootstrap, Cloudforms Managementengine, Enterprise Linux and 6 more | 2024-11-21 | N/A |
| In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | ||||
| CVE-2016-10730 | 2 Redhat, Zmanda | 2 Enterprise Linux, Amanda | 2024-11-21 | N/A |
| An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. | ||||
| CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2024-11-21 | N/A |
| An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | ||||
| CVE-2016-10727 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Evolution, Enterprise Linux | 2024-11-21 | N/A |
| camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. | ||||
| CVE-2016-10713 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | ||||
| CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||
| CVE-2016-10245 | 2 Doxygen, Redhat | 2 Doxygen, Enterprise Linux | 2024-11-21 | N/A |
| Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. | ||||
| CVE-2016-1000110 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Python and 2 more | 2024-11-21 | 6.1 Medium |
| The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. | ||||
| CVE-2016-1000037 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Pagure | 2024-11-21 | 6.1 Medium |
| Pagure: XSS possible in file attachment endpoint | ||||
| CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2024-11-21 | 2.4 Low |
| gdm3 3.14.2 and possibly later has an information leak before screen lock | ||||
| CVE-2015-9541 | 3 Fedoraproject, Qt, Redhat | 3 Fedora, Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | ||||
| CVE-2015-9382 | 3 Debian, Freetype, Redhat | 3 Debian Linux, Freetype, Enterprise Linux | 2024-11-21 | N/A |
| FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | ||||
| CVE-2015-9381 | 3 Debian, Freetype, Redhat | 3 Debian Linux, Freetype, Enterprise Linux | 2024-11-21 | N/A |
| FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | ||||
| CVE-2015-9289 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | ||||
| CVE-2015-9262 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Ansible Tower and 5 more | 2024-11-21 | N/A |
| _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | ||||
| CVE-2015-9251 | 3 Jquery, Oracle, Redhat | 51 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 48 more | 2024-11-21 | N/A |
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | ||||