Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Software Collections
Subscriptions
Total
1793 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0607 | 4 Canonical, Opensuse, Oracle and 1 more | 6 Ubuntu Linux, Leap, Opensuse and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. | ||||
| CVE-2015-4602 | 2 Php, Redhat | 9 Php, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | N/A |
| The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | ||||
| CVE-2015-0411 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | ||||
| CVE-2016-9935 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. | ||||
| CVE-2016-2097 | 2 Redhat, Rubyonrails | 3 Rhel Software Collections, Rails, Ruby On Rails | 2025-04-12 | N/A |
| Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. | ||||
| CVE-2015-6833 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | ||||
| CVE-2016-7418 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | ||||
| CVE-2015-4644 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. | ||||
| CVE-2016-5325 | 3 Nodejs, Redhat, Suse | 4 Node.js, Openshift, Rhel Software Collections and 1 more | 2025-04-12 | N/A |
| CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | ||||
| CVE-2015-8385 | 3 Oracle, Pcre, Redhat | 4 Linux, Perl Compatible Regular Expression Library, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2016-0773 | 4 Canonical, Debian, Postgresql and 1 more | 6 Ubuntu Linux, Debian Linux, Postgresql and 3 more | 2025-04-12 | N/A |
| PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. | ||||
| CVE-2014-3538 | 4 Christos Zoulas, Debian, Php and 1 more | 5 File, Debian Linux, Php and 2 more | 2025-04-12 | N/A |
| file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. | ||||
| CVE-2015-0273 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. | ||||
| CVE-2016-6317 | 2 Redhat, Rubyonrails | 2 Rhel Software Collections, Rails | 2025-04-12 | N/A |
| Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. | ||||
| CVE-2014-0065 | 2 Postgresql, Redhat | 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. | ||||
| CVE-2014-2525 | 3 Opensuse, Pyyaml, Redhat | 6 Leap, Opensuse, Libyaml and 3 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | ||||
| CVE-2015-1352 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Rhel Software Collections | 2025-04-12 | N/A |
| The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. | ||||
| CVE-2015-4870 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. | ||||
| CVE-2015-6832 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. | ||||
| CVE-2016-7124 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | ||||