Red Hat Enterprise Linux
480 CVEs affecting Red Hat Enterprise Linux. Latest disclosed: 2026-05-27. Critical: 18, High: 101.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-3167 | Critical | 9.8 | 2017-06-20 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may l… |
| CVE-2016-5411 | Critical | 9.8 | 2017-06-13 | /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root passw… |
| CVE-2017-9214 | Critical | 9.8 | 2017-05-23 | In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integ… |
| CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
| CVE-2016-6662 | Critical | 9.8 | 2016-09-20 | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Perco… |
| CVE-2016-2141 | Critical | 9.8 | 2016-06-30 | It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw… |
| CVE-2016-4448 | Critical | 9.8 | 2016-06-09 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. |
| CVE-2016-0749 | Critical | 9.8 | 2016-06-09 | The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors… |
| CVE-2015-4603 | Critical | 9.8 | 2016-05-16 | The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to… |
| CVE-2015-4602 | Critical | 9.8 | 2016-05-16 | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attacker… |
| CVE-2016-0639 | Critical | 9.8 | 2016-04-21 | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availabil… |
| CVE-2010-5325 | Critical | 9.8 | 2016-04-15 | Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (mem… |
| CVE-2015-8668 | Critical | 9.8 | 2016-01-08 | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbi… |
| CVE-2013-1591 | Critical | 9.8 | 2013-01-31 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vec… |
| CVE-2010-2941 | Critical | 9.8 | 2010-11-05 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers t… |
| CVE-2017-9788 | Critical | 9.1 | 2017-07-13 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset bef… |
| CVE-2011-3188 | Critical | 9.1 | 2012-05-24 | The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification… |
| CVE-2026-4480 | Critical | 9.0 | 2026-05-26 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command"… |
| CVE-2017-15103 | High | 8.8 | 2017-12-18 | A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to… |
| CVE-2017-3106 | High | 8.8 | 2017-08-11 | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead… |