Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13616 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-1867 | 2 Clusterlabs, Redhat | 4 Pacemaker, Enterprise Linux, Enterprise Linux High Availability and 1 more | 2024-08-06 | N/A |
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | ||||
CVE-2015-1869 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-08-06 | 7.8 High |
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | ||||
CVE-2015-1863 | 5 Canonical, Debian, Opensuse and 2 more | 11 Ubuntu Linux, Debian Linux, Opensuse and 8 more | 2024-08-06 | N/A |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | ||||
CVE-2015-1856 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Swift, Enterprise Linux and 2 more | 2024-08-06 | N/A |
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | ||||
CVE-2015-1853 | 2 Redhat, Tuxfamily | 2 Enterprise Linux, Chrony | 2024-08-06 | 6.5 Medium |
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | ||||
CVE-2015-1854 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Fedora and 1 more | 2024-08-06 | N/A |
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | ||||
CVE-2015-1827 | 3 Fedoraproject, Freeipa, Redhat | 3 Fedora, Freeipa, Enterprise Linux | 2024-08-06 | N/A |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. | ||||
CVE-2015-1841 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2024-08-06 | N/A |
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | ||||
CVE-2015-1822 | 3 Debian, Redhat, Tuxfamily | 3 Debian Linux, Enterprise Linux, Chrony | 2024-08-06 | N/A |
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. | ||||
CVE-2015-1815 | 3 Fedoraproject, Redhat, Selinux | 3 Fedora, Enterprise Linux, Setroubleshoot | 2024-08-06 | N/A |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | ||||
CVE-2015-1805 | 3 Google, Linux, Redhat | 8 Android, Linux Kernel, Enterprise Linux and 5 more | 2024-08-06 | N/A |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." | ||||
CVE-2015-1804 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. | ||||
CVE-2015-1819 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Mac Os X, Tvos and 9 more | 2024-08-06 | N/A |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | ||||
CVE-2015-1821 | 3 Debian, Redhat, Tuxfamily | 3 Debian Linux, Enterprise Linux, Chrony | 2024-08-06 | N/A |
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. | ||||
CVE-2015-1795 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Storage | 2024-08-06 | N/A |
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | ||||
CVE-2015-1803 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. | ||||
CVE-2015-1789 | 3 Openssl, Oracle, Redhat | 3 Openssl, Sparc-opl Service Processor, Enterprise Linux | 2024-08-06 | N/A |
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. | ||||
CVE-2015-1782 | 4 Debian, Fedoraproject, Libssh2 and 1 more | 4 Debian Linux, Fedora, Libssh2 and 1 more | 2024-08-06 | N/A |
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. | ||||
CVE-2015-1799 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | ||||
CVE-2015-1802 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. |