Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13613 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-16994 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-05 | N/A |
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | ||||
CVE-2017-16844 | 2 Procmail, Redhat | 2 Procmail, Enterprise Linux | 2024-08-05 | N/A |
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. | ||||
CVE-2017-16820 | 2 Collectd, Redhat | 5 Collectd, Enterprise Linux, Openstack-optools and 2 more | 2024-08-05 | N/A |
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | ||||
CVE-2017-16648 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-05 | N/A |
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | ||||
CVE-2017-16541 | 5 Apple, Debian, Linux and 2 more | 11 Macos, Debian Linux, Linux Kernel and 8 more | 2024-08-05 | 6.5 Medium |
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | ||||
CVE-2017-15906 | 5 Debian, Netapp, Openbsd and 2 more | 23 Debian Linux, Active Iq Unified Manager, Cloud Backup and 20 more | 2024-08-05 | 5.3 Medium |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | ||||
CVE-2017-15804 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-08-05 | N/A |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | ||||
CVE-2017-15649 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-05 | N/A |
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | ||||
CVE-2017-15670 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-08-05 | N/A |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | ||||
CVE-2017-15412 | 4 Debian, Google, Redhat and 1 more | 10 Debian Linux, Chrome, Ansible Tower and 7 more | 2024-08-05 | N/A |
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2017-15289 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-08-05 | 6.0 Medium |
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | ||||
CVE-2017-15265 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Mrg and 4 more | 2024-08-05 | 7.0 High |
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | ||||
CVE-2017-15268 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-08-05 | N/A |
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | ||||
CVE-2017-15306 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-05 | N/A |
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | ||||
CVE-2017-15274 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-08-05 | N/A |
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. | ||||
CVE-2017-15275 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more | 2024-08-05 | 7.5 High |
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | ||||
CVE-2017-15299 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-05 | N/A |
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | ||||
CVE-2017-15126 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-05 | 8.1 High |
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put(). | ||||
CVE-2017-15101 | 2 Liblouis, Redhat | 7 Liblouis, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-08-05 | N/A |
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. | ||||
CVE-2017-15127 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-05 | N/A |
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). |