Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Hpc Node Subscriptions
Total 149 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more 2024-11-21 N/A
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2015-7500 6 Apple, Canonical, Debian and 3 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2024-11-21 N/A
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
CVE-2015-7499 7 Apple, Canonical, Debian and 4 more 17 Iphone Os, Mac Os X, Tvos and 14 more 2024-11-21 N/A
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-7498 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2024-11-21 N/A
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
CVE-2015-7497 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2024-11-21 N/A
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5312 6 Apple, Canonical, Debian and 3 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2024-11-21 N/A
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 N/A
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2015-5287 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2024-11-21 N/A
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
CVE-2015-5277 3 Canonical, Gnu, Redhat 8 Ubuntu Linux, Glibc, Enterprise Linux and 5 more 2024-11-21 N/A
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVE-2015-5273 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2024-11-21 N/A
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVE-2015-5261 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2024-11-21 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
CVE-2015-5260 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2024-11-21 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-5235 3 Fedoraproject, Opensuse, Redhat 8 Fedora, Opensuse, Enterprise Linux and 5 more 2024-11-21 N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
CVE-2015-5234 3 Fedoraproject, Opensuse, Redhat 8 Fedora, Opensuse, Enterprise Linux and 5 more 2024-11-21 N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2024-11-21 N/A
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-5219 10 Canonical, Debian, Fedoraproject and 7 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 7.5 High
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2015-5195 5 Canonical, Debian, Fedoraproject and 2 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 N/A
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2015-5194 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 N/A
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVE-2015-5157 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more 2024-11-21 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2015-4819 6 Canonical, Debian, Fedoraproject and 3 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2024-11-21 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.