Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 2166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4805 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-06-16 7.8 HIGH 7.5 HIGH
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.
CVE-2010-4664 3 Consolekit Project, Debian, Redhat 3 Consolekit, Debian Linux, Enterprise Linux 2026-06-16 6.5 MEDIUM 8.8 HIGH
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVE-2010-4661 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Opensuse and 2 more 2026-06-16 4.6 MEDIUM 7.8 HIGH
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2010-4657 3 Debian, Php, Redhat 3 Debian Linux, Php, Enterprise Linux 2026-06-16 5.0 MEDIUM 7.5 HIGH
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
CVE-2010-4251 3 Linux, Redhat, Vmware 3 Linux Kernel, Enterprise Linux, Esx 2026-06-16 7.8 HIGH 7.5 HIGH
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
CVE-2010-4238 3 Citrix, Linux, Redhat 3 Xen, Linux Kernel, Enterprise Linux 2026-06-16 5.5 MEDIUM N/A
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
CVE-2010-4161 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-06-16 4.9 MEDIUM N/A
The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.
CVE-2010-3904 6 Canonical, Linux, Opensuse and 3 more 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more 2026-06-16 7.2 HIGH 7.8 HIGH
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVE-2010-2941 7 Apple, Canonical, Debian and 4 more 13 Cups, Mac Os X, Mac Os X Server and 10 more 2026-06-16 9.3 HIGH 9.8 CRITICAL
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
CVE-2010-2938 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-06-16 4.9 MEDIUM N/A
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.
CVE-2010-2598 1 Redhat 1 Enterprise Linux 2026-06-16 4.3 MEDIUM N/A
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
CVE-2010-2526 2 Heinz Mauelshagen, Redhat 3 Lvm2, Cluster Suite, Enterprise Linux 2026-06-16 4.6 MEDIUM N/A
The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
CVE-2010-1871 2 Netapp, Redhat 5 Oncommand Balance, Oncommand Insight, Oncommand Unified Manager and 2 more 2026-06-16 6.8 MEDIUM 8.8 HIGH
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVE-2010-1773 5 Canonical, Fedoraproject, Google and 2 more 5 Ubuntu Linux, Fedora, Chrome and 2 more 2026-06-16 6.8 MEDIUM 8.8 HIGH
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
CVE-2010-1772 5 Canonical, Fedoraproject, Google and 2 more 5 Ubuntu Linux, Fedora, Chrome and 2 more 2026-06-16 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
CVE-2010-1439 2 Fedoraproject, Redhat 4 Fedora, Enterprise Linux, Rhn-client-tools and 1 more 2026-06-16 3.6 LOW N/A
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
CVE-2010-0730 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop 2026-06-16 2.6 LOW N/A
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.
CVE-2010-0729 1 Redhat 1 Enterprise Linux 2026-06-16 6.9 MEDIUM N/A
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
CVE-2010-0727 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-06-16 4.9 MEDIUM N/A
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
CVE-2010-0302 4 Apple, Canonical, Fedoraproject and 1 more 10 Cups, Mac Os X, Mac Os X Server and 7 more 2026-06-16 4.3 MEDIUM 7.5 HIGH
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.