Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Software Collections
Subscriptions
Total
1793 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6668 | 4 Debian, Google, Nodejs and 1 more | 7 Debian Linux, Chrome, V8 and 4 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-7185 | 3 Apple, Python, Redhat | 4 Mac Os X, Python, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | ||||
| CVE-2015-4861 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | ||||
| CVE-2016-0504 | 4 Canonical, Opensuse, Oracle and 1 more | 6 Ubuntu Linux, Leap, Opensuse and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. | ||||
| CVE-2016-5093 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. | ||||
| CVE-2016-3141 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Rhel Software Collections | 2025-04-12 | N/A |
| Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. | ||||
| CVE-2014-9767 | 3 Hiphop Virtual Machine For Php Project, Php, Redhat | 3 Hiphop Virtual Machine For Php, Php, Rhel Software Collections | 2025-04-12 | N/A |
| Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | ||||
| CVE-2016-7418 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | ||||
| CVE-2014-0062 | 2 Postgresql, Redhat | 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. | ||||
| CVE-2015-5288 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | ||||
| CVE-2014-0066 | 2 Postgresql, Redhat | 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | ||||
| CVE-2015-4767 | 3 Canonical, Oracle, Redhat | 3 Ubuntu Linux, Mysql, Rhel Software Collections | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. | ||||
| CVE-2016-3492 | 3 Mariadb, Oracle, Redhat | 10 Mariadb, Mysql, Enterprise Linux and 7 more | 2025-04-12 | 6.5 Medium |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | ||||
| CVE-2016-5424 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | ||||
| CVE-2014-3515 | 3 Debian, Php, Redhat | 4 Debian Linux, Php, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. | ||||
| CVE-2016-4544 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2025-04-12 | 9.8 Critical |
| The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | ||||
| CVE-2014-2497 | 6 Canonical, Debian, Oracle and 3 more | 14 Ubuntu Linux, Debian Linux, Solaris and 11 more | 2025-04-12 | N/A |
| The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. | ||||
| CVE-2015-4769 | 3 Canonical, Oracle, Redhat | 3 Ubuntu Linux, Mysql, Rhel Software Collections | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. | ||||
| CVE-2016-7099 | 3 Nodejs, Redhat, Suse | 3 Node.js, Rhel Software Collections, Linux Enterprise | 2025-04-12 | N/A |
| The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2015-8381 | 2 Pcre, Redhat | 2 Perl Compatible Regular Expression Library, Rhel Software Collections | 2025-04-12 | N/A |
| The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||