Lucene search
K
OracleLinux

229 matches found

CVE
CVE
added 2016/09/16 12:0 a.m.213 views

CVE-2016-2179

OpenSSL CVE-2016-2179: The DTLS implementation could exhaust memory by accepting many crafted DTLS sessions due to unprocessed, out-of-order handshake messages. This memory-DoS vectors arises from DTLS queue handling in d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. Public advisories (...

7.5CVSS8.2AI score0.26559EPSS
CVE
CVE
added 2016/07/03 9:0 p.m.210 views

CVE-2016-4998

CVE-2016-4998 affects the Linux kernel netfilter IPT_SO_SET_REPLACE handling. The vulnerability allows a local attacker (e.g., with container/root access) to trigger an out-of-bounds read and potentially leak kernel heap memory or cause a Denial of Service by supplying a crafted offset that cross...

7.1CVSS7AI score0.01885EPSS
CVE
CVE
added 2016/02/08 2:0 a.m.206 views

CVE-2013-4312

The CVE-2013-4312 issue affects the Linux kernel prior to 4.4.1, where a local attacker could bypass per-process file-descriptor limits by sending descriptors over a local UNIX domain socket before closing them, causing memory exhaustion and potential denial of service. The root cause is the hand...

6.2CVSS5.7AI score0.00595EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.206 views

CVE-2016-4470

CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...

5.5CVSS5.8AI score0.00582EPSS
CVE
CVE
added 2015/10/04 8:0 p.m.205 views

CVE-2014-9750

CVE-2014-9750 concerns ntpd with Autokey authentication. The root cause is an error in ntp_crypto.c where a packet extension field’s length value is not properly validated, allowing a remote attacker to either leak sensitive information from ntpd’s process memory or crash the daemon via a malform...

5.8CVSS6.8AI score0.06135EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.202 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
CVE
CVE
added 2014/12/12 6:0 p.m.200 views

CVE-2014-8134

CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...

3.3CVSS5.4AI score0.00703EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.199 views

CVE-2015-4819

CVE-2015-4819: An unspecified vulnerability in Oracle MySQL Server affecting 5.5.44 and earlier and 5.6.25 and earlier, located in the Client programs component. It has complete impact on confidentiality, integrity, and availability. The IBM Guardium bulletin (CVE reference list) documents this C...

7.2CVSS5.1AI score0.0045EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.197 views

CVE-2016-1960

CVE-2016-1960 is a vulnerability in Mozilla Firefox’s HTML5 parser (nsHtml5TreeBuilder) involving an integer underflow that enables a use-after-free scenario when parsing end tags in a foreign fragment context (SVG). Affects Firefox before 45.0 and Firefox ESR 38.x before 38.7; exploitation can l...

8.8CVSS7.6AI score0.30946EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.197 views

CVE-2016-2518

CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...

5.3CVSS6.2AI score0.15081EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.196 views

CVE-2015-7691

CVE-2015-7691 affects ntpd’s crypto_xmit handling in NTP 4.2.x (before 4.2.8p4) and 4.3.x (before 4.3.77). The flaw arises from incomplete validation of autokey operations in crafted packets, allowing a remote attacker to crash ntpd (denial of service). This is tied to an incomplete fix of CVE-20...

7.5CVSS7.8AI score0.07103EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.196 views

CVE-2015-7701

CVE-2015-7701 involves a memory leak in ntpd’s CRYPTO_ASSOC when autokey is enabled. Affected: ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Impact: potential denial of service due to memory exhaustion. Remediation: upgrade to fixed ntp releases (e.g., 4.2.8p4+ or 4.3.77+); or disable...

7.5CVSS8.2AI score0.06519EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.194 views

CVE-2015-7977

CVE-2015-7977 : ntpd/nptdsp (NTP) vulnerability where processing of the ntpdc reslist command could cause a NULL pointer dereference and crash ntpd. This is triggered by large restriction lists. Affects ntpd/ntpdc in NTP 4.2.x leading up to 4.2.8p6 and 4.3.x prior to 4.3.90. Remediation: upgrade ...

5.9CVSS6.3AI score0.06346EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.192 views

CVE-2016-0695

CVE-2016-0695 is discussed across multiple connected sources as a vulnerability in OpenJDK/OpenJRE components (Serialization, Hotspot, RMI/JMX deserialization, JAXP surrogate handling, and DS A signatures). The issue enables potential confidentiality breaches and sandbox bypass mechanics, with th...

5.9CVSS6.6AI score0.03397EPSS
CVE
CVE
added 2016/05/11 9:0 p.m.190 views

CVE-2016-3710

CVE-2016-3710 : A bounds-checking flaw in QEMU’s VGA module (VBE read/write via I/O ports) allows a privileged guest to modify banked video memory and execute arbitrary code on the host with QEMU process privileges. Root cause: out-of-bounds read/write in VGA bank access. Impact: potential host c...

8.8CVSS8.7AI score0.00916EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.189 views

CVE-2015-4870

CVE-2015-4870 is an unspecified MySQL Server vulnerability affecting the Parser, enabling remote authenticated DoS. Connected docs show exploitation via the MySQL 5.5.45/older and 5.6.26/older series through the Procedure ANALYSE function (DoS). An exploit demonstrates that MySQL 5.5.45 is vulner...

4CVSS5.1AI score0.30146EPSS
Web
CVE
CVE
added 2016/08/02 4:0 p.m.189 views

CVE-2016-5403

CVE-2016-5403 affects QEMU’s virtio path (virtqueue_pop in hw/virtio/virtio.c). A local guest OS administrator can cause a denial of service via unbounded memory allocation by submitting virtqueue requests without waiting for completion, potentially crashing the QEMU process. Public postings acro...

5.5CVSS5.9AI score0.0052EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.184 views

CVE-2015-7692

CVE-2015-7692 affects ntpd (NTP) prior to 4.2.8p4 for 4.2.x and 4.3.77 for 4.3.x. The flaw is in the crypto_xmit function (ntp_crypto.c) and can cause remote DoS crashes. This entry notes it as a continuation of an incomplete fix for CVE-2014-9750. No specific patched versions are provided in the...

7.5CVSS7.9AI score0.07336EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.183 views

CVE-2016-3477

CVE-2016-3477 affects Oracle MySQL Server (versions before 5.5.50, 5.6 before 5.6.30, 5.7 before 5.7.12) and MariaDB (before 5.5.50, 10.0.x before 10.0.26, 10.1.x before 10.1.15). The vulnerability is in the Server: Parser component and can allow a local user to impact confidentiality, integrity,...

8.1CVSS5.5AI score0.00466EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.181 views

CVE-2015-4792

CVE-2015-4792 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier that can affect availability via unknown vectors related to Server: Partition. Connected advisories confirm this CVE is among those addressed by MariaDB/MySQL update...

1.7CVSS5.2AI score0.03861EPSS
CVE
CVE
added 2016/01/27 8:0 p.m.181 views

CVE-2016-2047

CVE-2016-2047 affects multiple MySQL-compatible products. The root cause is failure to verify server hostname against CN/SAN in X.509 certificates, enabling MITM by crafted certificates. Affected: MariaDB prior to 5.5.47, 10.0.x prior to 10.0.23, 10.1.x prior to 10.1.10; Oracle MySQL 5.5.48 and e...

5.9CVSS4.8AI score0.03741EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.180 views

CVE-2016-3610

CVE-2016-3610 is evidenced in connected data as a sandbox-restriction-bypass flaw in the Libraries component of OpenJDK, specifically involving the filterReturnValue() method of MethodHandles where the parameter-count check could be bypassed. The CHAINGUARD security data lists affected OpenJDK pa...

9.6CVSS8.6AI score0.05933EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.178 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00461EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.177 views

CVE-2016-3587

CVE-2016-3587 is a high-severity, remote vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 via the Hotspot component, causing complete compromise of confidentiality, integrity, and availability. Multiple connected advisories corroborate the Hotspot/Libraries impact and reference the ...

9.6CVSS7.6AI score0.05933EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.177 views

CVE-2016-5118

CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...

10CVSS9.5AI score0.49982EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.177 views

CVE-2016-5440

CVE-2016-5440 is an unspecified vulnerability in Oracle MySQL Server and MariaDB that can impact availability via Server: RBR. Affected are MySQL 5.5.49 and earlier, 5.6.30 and earlier, 5.7.12 and earlier, and MariaDB before 5.5.50; newer upstream fixes exist for MariaDB (e.g., 5.5.50, 10.0.26, 1...

4.9CVSS5.5AI score0.03703EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.175 views

CVE-2016-0647

CVE-2016-0647 corresponds to an unspecified vulnerability in MySQL/MariaDB affecting Full-Text Search (FTS) that allows local users to impact availability. Affected: Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier; MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x b...

5.5CVSS4.2AI score0.01699EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.174 views

CVE-2015-5165

CVE-2015-5165 affects the RTL8139 emulation in QEMU (C+ mode offload) used by Xen 4.5.x and earlier. A remote attacker could read heap memory in the QEMU process via unspecified vectors, potentially exposing host data. Public sources in connected docs document this as an information-leak flaw in ...

9.3CVSS6.5AI score0.13288EPSS
CVE
CVE
added 2017/07/24 2:0 p.m.174 views

CVE-2015-7703

CVE-2015-7703: ntpd remote configuration feature exposes a file overwrite risk via the :config command when remote configuration is enabled and the attacker knows the configuration password. Affected: ntpd 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Connected documents confirm this as a real vu...

7.5CVSS8.6AI score0.03823EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.174 views

CVE-2016-3521

CVE-2016-3521 affects multiple MySQL/MariaDB releases with an unspecified vulnerability in the Server: Types component that can allow remote authenticated users to affect availability. Affected: MySQL 5.5.49 and earlier, 5.6.30 and earlier, 5.7.12 and earlier; MariaDB before 5.5.50; 10.0.x before...

6.8CVSS5.4AI score0.05826EPSS
CVE
CVE
added 2015/11/17 3:0 p.m.173 views

CVE-2015-0272

CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...

5CVSS5.9AI score0.05059EPSS
CVE
CVE
added 2015/05/27 10:0 a.m.173 views

CVE-2015-2922

CVE-2015-2922 is a Linux kernel IPv6 Neighbor Discovery flaw in the ndisc_router_discovery path that lets a crafted Router Advertisement with a small hop_limit reconfigure the hop-limit on the receiving interface. It affects the IPv6 stack prior to kernel 3.19.6; the impact is loss of connectivit...

3.3CVSS5AI score0.03052EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.173 views

CVE-2015-7702

CVE-2015-7702 affects ntpd’s crypto_xmit implementation in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77, allowing remote attackers to crash ntpd (DoS). The issue stems from an incomplete fix for CVE-2014-9750. Public advisories note the vulnerability and that updates have been released (e.g.,...

6.5CVSS7.9AI score0.05207EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.173 views

CVE-2016-0648

CVE-2016-0648 is an unspecified local-privilege/availability vulnerability in Oracle MySQL (versions 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier) and in MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 that can affect availability via PS-related vectors. Conn...

5.5CVSS4.2AI score0.01699EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.172 views

CVE-2016-3458

CVE-2016-3458 affects OpenJDK/OpenJDK-based Java runtimes (CORBA component) and Oracle Java SE up to 8u92, enabling sandbox-restriction bypass that could allow remote or local attackers to affect integrity. The vulnerability stems from insufficient restrictions on CORBA value handling, enabling a...

4.3CVSS6AI score0.02965EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.171 views

CVE-2015-4913

CVE-2015-4913 affects Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. It is a remote authenticated vulnerability exposing availability via DML-related vectors (un disclosed). Root cause is unspecified in the provided description; no specific fixes or patch versions are listed. It i...

3.5CVSS5.2AI score0.03548EPSS
CVE
CVE
added 2016/05/10 7:0 p.m.168 views

CVE-2016-4554

CVE-2016-4554 affects Squid and is a header smuggling flaw in mime_get_header_field() that can bypass same-origin protections and enable cache poisoning when Squid acts as a reverse/interception proxy. Connected advisories describe concurrent issues (CVE-2016-4051/4052/4053/4054) in ESI processin...

8.6CVSS8.2AI score0.38893EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.166 views

CVE-2016-2796

CVE-2016-2796 describes a heap-based buffer overflow in the Graphite 2 font library (graphite2::vm::Machine::Code::Code) prior to 1.3.6. The vulnerability affected Graphite 2 as used by Mozilla Firefox (before 45.0) and Firefox ESR 38.x (before 38.7), potentially enabling a remote attacker to cau...

8.8CVSS7.6AI score0.03854EPSS
CVE
CVE
added 2016/04/25 2:0 p.m.166 views

CVE-2016-4051

Squid’s vulnerability CVE-2016-4051 is a buffer overflow in cachemgr.cgi that could allow remote attackers to cause a DoS or execute arbitrary code. Affected products include Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9, via remotely supplied data sent to the CGI interface. Public advisorie...

8.8CVSS8.8AI score0.16893EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.165 views

CVE-2015-7852

CVE-2015-7852 is an off-by-one vulnerability in ntpq’s cookedprint() which can allow a crafted mode 6 packet to cause a buffer overflow and crash ntpd. Public references (Debian DSA-3388-1, CentOS advisories) confirm ntpq/cookedprint as the vulnerable component and describe a DoS via remote craft...

5.9CVSS7.1AI score0.12282EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.164 views

CVE-2016-1977

Summary: CVE-2016-1977 and related Graphite 2 vulnerabilities affect Graphite font rendering (library graphite2) used by Mozilla Firefox/Thunderbird. The issues stem from memory safety bugs in Graphite 2 (version 1.3.5 and earlier) that could allow remote code execution or crashes when processing...

8.8CVSS7.5AI score0.02912EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.163 views

CVE-2016-3615

CVE-2016-3615 affects Oracle MySQL and MariaDB: an unspecified vulnerability in the Server: DML component that can allow remote authenticated users to affect availability. Affected products/versions include MySQL 5.5.49 and earlier, 5.6.30 and earlier, 5.7.12 and earlier; MariaDB before 5.5.50, 1...

5.3CVSS5.3AI score0.0568EPSS
CVE
CVE
added 2022/08/29 8:35 p.m.163 views

CVE-2022-21385

CVE-2022-21385 is a vulnerability in the Oracle Linux kernel’s net_rds_alloc_sgs() function that allows unprivileged local users to crash the machine. The issue is rated CVSS 3.1 base score 6.2 (Availability impact). The connected documents confirm the flaw exists in Oracle Linux kernels and is r...

6.2CVSS5.8AI score0.00346EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.162 views

CVE-2016-0616

CVE-2016-0616 is an unspecified vulnerability in MySQL/MariaDB related to the Optimizer that allows remote authenticated users to affect availability. Affected products/versions include Oracle MySQL 5.5.46 and earlier; MariaDB before 5.5.47; MySQL 10.0.x before 10.0.23; and 10.1.x before 10.1.10....

4CVSS4.8AI score0.03796EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.161 views

CVE-2016-0666

CVE-2016-0666 is an unspecified local-privilege/vulnerability in MySQL/MariaDB affecting multiple branches (MySQL 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier; MariaDB before 5.5.49, and some 10.x lines). The connected advisories confirm that this family of issues can impact availab...

5.5CVSS4.2AI score0.01623EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.161 views

CVE-2016-2143

CVE-2016-2143 affects the Linux kernel, specifically the fork implementation on s390 platforms. The issue occurs when four page-table levels are used, which can allow a local unprivileged user to crash the system (DoS) or potentially cause other unspecified impacts via crafted applications, relat...

7.8CVSS7.4AI score0.00557EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.160 views

CVE-2016-3606

CVE-2016-3606 is an insufficient bytecode verification flaw in the Hotspot component of OpenJDK/OpenJDK-based Java runtimes, enabling sandbox bypass for untrusted code. Public documentation ties this to Oracle Java SE 7u101/8u92 and Java SE Embedded 8u91, with multiple vendor advisories (Red Hat,...

9.6CVSS8.4AI score0.03833EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.159 views

CVE-2016-3500

CVE-2016-3500 is tied to a denial-of-service issue in the JAXP component of OpenJDK/OpenJDK-based Java runtimes, where crafted XML files could cause excessive CPU/memory consumption. The CVE affects multiple OpenJDK variants and is reflected in security advisories for Linux distributions (e.g., A...

5.3CVSS6.5AI score0.04797EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.159 views

CVE-2016-3508

CVE-2016-3508 is confirmed in connected records as a vulnerability in the OpenJDK JAXP component. The issue involves denial of service exposure when parsing XML, caused by the JAXP path not enforcing a limit on entity replacements during XML processing. Some sources also describe related, adjacen...

5.3CVSS6.5AI score0.04797EPSS
CVE
CVE
added 2016/05/23 10:0 a.m.159 views

CVE-2016-4581

CVE-2016-4581 affects the Linux kernel: a flaw in mounting propagation where slave mounts can leave the propagation tree in an inconsistent state. Local users could trigger a denial of service via crafted mount calls, causing a NULL pointer dereference and kernel oops. The issue is fixed in kerne...

5.5CVSS6AI score0.00553EPSS
Total number of security vulnerabilities229