Lucene search
K
OracleLinux

229 matches found

CVE
CVE
added 2016/08/05 1:0 a.m.159 views

CVE-2016-5264

CVE-2016-5264 affects Mozilla Firefox (and Firefox ESR) with a use-after-free in nsNodeUtils::NativeAnonymousChildListChange when applying SVG effects. The vulnerability can allow remote code execution or cause a denial of service via heap memory corruption. It is described for Firefox versions p...

8.8CVSS9.3AI score0.03193EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.159 views

CVE-2018-17962

CVE-2018-17962 is a QEMU vulnerability: a buffer overflow in pcnet_receive() in hw/net/pcnet.c caused by an incorrect integer data type. The Initial Description confirms the flaw; connected Nessus advisories reference this CVE among other QEMU issues. The provided documents do not include the fix...

7.5CVSS8.5AI score0.04503EPSS
CVE
CVE
added 2022/02/16 4:37 p.m.159 views

CVE-2021-3551

CVE-2021-3551 is described in connected documents as a vulnerability in the PKI-server where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This allows a local attacker to retrieve the log and obtain the admin password, enabling admin privile...

7.8CVSS7.3AI score0.00186EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.158 views

CVE-2016-1954

CVE-2016-1954 affects Mozilla Firefox and Firefox ESR. The flaw in nsCSPContext::SendReports allows a CSP violation report to specify a local file URL, potentially causing a denial of service (data overwrite) or privilege escalation. Affected versions: Firefox before 45.0 and Firefox ESR 38.x bef...

8.8CVSS7AI score0.02331EPSS
CVE
CVE
added 2016/05/10 7:0 p.m.158 views

CVE-2016-4556

Squid 3.x before 3.5.18 and 4.x before 4.0.10 is vulnerable to a double-free in Esi.cc (related to processing Edge Side Includes) which can allow remote servers to trigger a Denial of Service (crash). The issue is confirmed across multiple advisories (e.g., Debian DSA-3625-1, CentOS/RH advisories...

7.5CVSS7.5AI score0.23112EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.157 views

CVE-2014-3673

The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...

7.8CVSS7.1AI score0.07461EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.157 views

CVE-2016-1952

CVE-2016-1952 involves memory-safety vulnerabilities in the Firefox browser engine. Affected software: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. Root cause: memory-corruption/memory-safety bugs in the browser engine that can be triggered by parsing/processing malformed or craf...

8.8CVSS8.2AI score0.0299EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.156 views

CVE-2016-0546

CVE-2016-0546 is an unspecified vulnerability in Oracle MySQL Server components (Client) that, per vendor notes, could allow a local attacker to execute arbitrary code with elevated privileges due to a long name/buffer overflow in the mysqlshow utility. Affected: MySQL 5.5.46 and earlier, 5.6.27 ...

7.2CVSS5.8AI score0.00567EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.156 views

CVE-2016-0641

CVE-2016-0641 affects multiple MySQL/MariaDB lineages with a MyISAM-related vulnerability that can impact confidentiality and availability when untrusted local users access certain database components. Affected: Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier; MariaDB befo...

5.1CVSS4.2AI score0.0139EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.155 views

CVE-2016-1935

CVE-2016-1935 : Buffer overflow in Mozilla Firefox’s BufferSubData function allows remote code execution via crafted WebGL content. Affected products: Firefox before 44.0 and Firefox ESR 38.x before 38.6. Root cause: buffer overflow while rendering WebGL content. Impact: remote code execution wit...

9.3CVSS9.6AI score0.05149EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.155 views

CVE-2016-2800

The Graphite 2 font rendering library is affected by CVE-2016-2800 and CVE-2016-2792. In Graphite 2, the vulnerability resides in graphite2::Slot::getAttr (Slot.cpp) and can be triggered when processing crafted Graphite fonts, as used by Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to...

8.8CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.155 views

CVE-2016-3550

CVE-2016-3550 is a OpenJDK/Hotspot related vulnerability that allows remote attackers to affect confidentiality by bypassing sandbox restrictions via Bytecode reading vulnerabilities in OpenJDK’s Hotspot component. The affected products and versions cited include Oracle Java SE 6u115, 7u101, 8u92...

4.3CVSS6AI score0.03068EPSS
CVE
CVE
added 2023/09/20 8:39 p.m.155 views

CVE-2023-22024

CVE-2023-22024 affects the Unbreakable Enterprise Kernel (UEK) RDS module, where two setsockopt options (RDS_CONN_RESET and RDS6_CONN_RESET) are not re-entrant. A local attacker with CAP_NET_ADMIN can crash the kernel. Connected advisories (e.g., Oracle ELSA updates) indicate a security update ad...

5.5CVSS5.2AI score0.00168EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.153 views

CVE-2016-2837

In IBM Storwize V7000 Unified, CVE-2016-2837 affects Mozilla Firefox components embedded via ClearKey CDM in the EME API. A heap-based buffer overflow during video playback could allow remote code execution. Affected versions: 1.5.0.0–1.5.2.4. Remediation: upgrade to 1.5.2.5 or later. If no furth...

6.8CVSS8.2AI score0.04577EPSS
CVE
CVE
added 2016/02/13 2:0 a.m.152 views

CVE-2015-8631

CVE-2015-8631 affects MIT Kerberos 5 (krb5) kadmind; a memory leak caused by the code path in kadmin/server/server_stubs.c can be triggered by a request with a NULL principal name. The issue, described as a denial of service via memory exhaustion, occurs in krb5 builds prior to 1.13.4 and in 1.14...

6.5CVSS6.1AI score0.04643EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.152 views

CVE-2016-1973

CVE-2016-1973 is a race condition in GetStaticInstance within Firefox’s WebRTC implementation that can cause a use-after-free in WebRTC components. The issue was found in Mozilla Firefox prior to version 45.0 (Firefox ESR references show similar concerns in the 38.x ESR line). Reported root cause...

8.8CVSS7AI score0.0298EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.151 views

CVE-2014-1737

CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...

7.2CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.151 views

CVE-2016-1974

The CVE-2016-1974 issue affects Mozilla Firefox and Firefox ESR, where nsScannerString::AppendUnicodeTo can fail to verify memory allocation success, enabling a remote attacker to crash the browser or potentially execute arbitrary code via crafted Unicode data in HTML/XML/SVG. Affected versions a...

8.8CVSS7.6AI score0.02973EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.150 views

CVE-2016-1957

CVE-2016-1957 affects Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, where a memory leak in libstagefright during MPEG-4 processing can be triggered by an array deletion, potentially enabling a denial-of-service via memory consumption. Mitigations in the referenced advisories i...

4.3CVSS6.5AI score0.02156EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.150 views

CVE-2016-5259

CVE-2016-5259 : A use-after-free in the Mozilla Firefox function CanonicalizeXPCOMParticipant allows remote code execution via a script that closes its own Service Worker inside a nested sync event loop. Affected: Firefox before 48.0 and Firefox ESR 45.x before 45.3. Impact per sources: arbitrary...

8.8CVSS9.2AI score0.03259EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.149 views

CVE-2015-4816

CVE-2015-4816 affects Oracle MySQL Server 5.5.44 and earlier, where an unspecified InnoDB-related vulnerability allows remote authenticated users to affect availability via unknown vectors. The MiracleLinux advisories/NESSUS plugins reference CVE-2015-4816 among a broader set of MySQL/MariaDB iss...

4CVSS4.8AI score0.07451EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.149 views

CVE-2016-0644

CVE-2016-0644 is an unspecified local-vulnerability in Oracle MySQL/MariaDB affecting DDL paths that can impact availability. Public HOTFIXes exist: MariaDB 10.0.25 (per Debian DSA-3595-1) and MariaDB 5.5.50 (per CentOS CentOS-announce 2016:1602). IBM/PowerKVM advisories also reference this CVE w...

5.5CVSS4.4AI score0.01684EPSS
CVE
CVE
added 2016/05/23 10:0 a.m.149 views

CVE-2016-4805

CVE-2016-4805 describes a use-after-free in the Linux kernel’s drivers/net/ppp/ppp_generic.c before 4.5.2. The flaw allows local attackers to trigger memory corruption and potential DoS (system crash) by removing a network namespace, related to ppp_register_net_channel and ppp_unregister_channel....

7.8CVSS7.7AI score0.0048EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.149 views

CVE-2016-6198

CVE-2016-6198 affects the Linux kernel (pre-4.5.5) in its OverlayFS path. The bug occurs when a file under OverlayFS is renamed to a self-hardlink, causing post-rename operations to run and potentially crash the kernel. Local users can trigger a denial of service (system crash) via a rename sysca...

5.5CVSS6AI score0.00613EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.148 views

CVE-2014-3687

The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...

7.8CVSS7.1AI score0.08579EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.148 views

CVE-2015-4861

CVE-2015-4861 is an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, that allows remote authenticated users to affect availability via unknown InnoDB-related vectors. The connected advisories confirm this CVE among multiple MySQL-related flaws and indic...

3.5CVSS5.1AI score0.03548EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.148 views

CVE-2016-1966

CVE-2016-1966 affects Mozilla Firefox and Firefox ESR. The issue is a dangling pointer dereference in NPAPI handling (nsNPObjWrapper::GetNewOrUsed) in dom/plugins/base/nsJSNPRuntime.cpp, allowing a crafted NPAPI plugin to cause a remote crash or arbitrary code execution. Exploitation in the wild ...

8.8CVSS7.4AI score0.02928EPSS
CVE
CVE
added 2016/04/25 2:0 p.m.148 views

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

4.3CVSS5.8AI score0.14359EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.147 views

CVE-2014-3144

CVE-2014-3144 affects the Linux kernel up to 3.14.3. The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST implementations in the sk_run_filter function (net/core/filter.c) do not properly verify a length value, enabling a local attacker to trigger a denial of service via crafted BPF instruction...

4.9CVSS6.1AI score0.00602EPSS
CVE
CVE
added 2015/12/02 12:0 a.m.147 views

CVE-2015-8391

PCRE library (libpcre) prior to 8.38 is affected by CVE-2015-8391 due to mishandling of certain [: nesting in pcre_compile.c, enabling remote attackers to trigger a denial of service (CPU consumption) via crafted regular expressions (as used by JavaScript RegExp objects in Konqueror). Affected pr...

9.8CVSS7.6AI score0.06404EPSS
CVE
CVE
added 2016/02/13 2:0 a.m.147 views

CVE-2015-8629

The vulnerability CVE-2015-8629 affects MIT Kerberos 5 (krb5) kadmind: the xdr_nullstring function in kadm_rpc_xdr.c does not reliably verify presence of terminating '\0' in strings, allowing a remote authenticated user to trigger an out-of-bounds read that can disclose sensitive information or c...

5.3CVSS5.5AI score0.03657EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.147 views

CVE-2016-1961

CVE-2016-1961 is a use-after-free in Mozilla Firefox’s HTMLDocument::SetBody (dom/html/nsHTMLDocument.cpp) that could crash the browser and allow remote code execution. Affected products are Firefox before 45.0 and Firefox ESR 38.x before 38.7. The vulnerability stems from mishandling of the root...

8.8CVSS7.5AI score0.0289EPSS
CVE
CVE
added 2015/03/02 11:0 a.m.146 views

CVE-2015-0239

CVE-2015-0239 affects the Linux kernel KVM emulation path (arch/x86/kvm/emulate.c). If a guest OS does not initialize SYSENTER MSRs, em_sysenter can trigger using a 16‑bit code segment to emulate SYSENTER, allowing a guest OS user to gain guest privileges or cause a guest crash. The vulnerability...

4.4CVSS5.7AI score0.00643EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.146 views

CVE-2016-5262

Mozilla Firefox prior to 48.0 and Firefox ESR 45.x prior to 45.3 are affected by an XSS flaw where event-handler attributes of a MARQUEE element inside a sandboxed iframe without sandbox="allow-scripts" are processed, enabling remote XSS via a crafted page. Affected product details and patch info...

6.1CVSS6.7AI score0.01464EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.146 views

CVE-2016-5263

CVE-2016-5263 affects Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3. The vulnerability arises from a type confusion in nsDisplayList::HitTest, which mishandles rendering display transformations and could allow a remote attacker to execute arbitrary code via a crafted website. Remed...

8.8CVSS9.2AI score0.02253EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.145 views

CVE-2015-4858

Technical details for CVE-2015-4858 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

4CVSS5.2AI score0.03919EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.145 views

CVE-2016-1930

CVE-2016-1930 affects Mozilla Firefox browser engine (and ESR 38.x) prior to 44.0/38.6, with memory-safety flaws that could lead to denial of service or remote code execution via unspecified vectors. The issue is documented across multiple advisories; affected products include Firefox, Iceweasel/...

10CVSS9.8AI score0.05992EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.144 views

CVE-2015-4802

Technical details about CVE-2015-4802 are not publicly provided in the supplied documents. Monitor for updates from vendor advisories and security databases to obtain explicit affected versions, impact, and remediation.

4CVSS5.2AI score0.04159EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.144 views

CVE-2015-4836

CVE-2015-4836 is an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allowing remote authenticated users to affect availability via unknown vectors related to Server : SP. Affected products/versions are Oracle MySQL Server 5.5.x (<=5.5.45) and 5.6.x (

2.8CVSS5.1AI score0.03974EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.144 views

CVE-2016-2792

CVE-2016-2792 affects Graphite2 (graphite2) in Graphite font rendering used by Firefox

8.8CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2016/07/19 1:0 a.m.144 views

CVE-2016-5386

Summary: CVE-2016-5386 is the httpoxy vulnerability in Go’s net/http CGI handling up to Go 1.6, where untrusted data in the HTTP_PROXY environment variable could redirect a CGI app’s outbound traffic to an attacker-controlled proxy via a crafted Proxy header. This is triggered by namespace confli...

8.1CVSS7.7AI score0.0522EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.142 views

CVE-2015-4815

CVE-2015-4815 affects Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, with remote authenticated access potentially impacting availability via DDL-related vectors. The F5 advisory notes multiple MySQL vulnerabilities across BIG-IP family, describing exposure when MySQL is provisione...

4CVSS5.1AI score0.03691EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.142 views

CVE-2016-0640

CVE-2016-0640 is an unspecified MySQL/MariaDB server vulnerability affecting DML operations with partial integrity/availability impact. Public notices in 2016 (Debian DSA-3595, CentOS/CentOS-announce, Red Hat advisories) show fixes across MariaDB/MySQL branches (e.g., MariaDB 10.0.x and MySQL 5.5...

6.1CVSS4.3AI score0.01426EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.142 views

CVE-2016-1964

CVE-2016-1964 is a use-after-free in Mozilla Firefox’s AtomicBaseIncDec during XML transformation handling. Affects Firefox before 45.0 and Firefox ESR 38.x before 38.7; impact includes remote code execution or heap-based denial of service when processing certain XML transformations. The issue ca...

8.8CVSS7.6AI score0.02831EPSS
CVE
CVE
added 2016/01/12 7:0 p.m.141 views

CVE-2015-1779

CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....

8.6CVSS7.9AI score0.07393EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.141 views

CVE-2016-0505

CVE-2016-0505 is an unspecified vulnerability in Oracle MySQL Server and MariaDB that could allow a remote authenticated user to cause a denial of service via unknown vectors related to Options. Affected versions include MySQL 5.5.46 and earlier, 5.6.27 and earlier, 5.7.9 and MariaDB before 5.5.4...

6.8CVSS5AI score0.07505EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.141 views

CVE-2016-1962

CVE-2016-1962 is a use-after-free in Mozilla Firefox’s mozilla::DataChannelConnection::Close, enabling remote code execution via mishandled WebRTC data-channel connections. Affected: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. Consequence: potentially exploitable crash with arbi...

10CVSS7.8AI score0.06084EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.141 views

CVE-2016-1965

Mozilla Firefox prior to 45.0 and Firefox ESR before 38.7 are affected by CVE-2016-1965, an address bar spoofing flaw triggered by history.back and the Location protocol. The vulnerability allows a remote attacker to spoof the displayed URL when users navigate back to a previously loaded page, po...

4.3CVSS6.6AI score0.02208EPSS
CVE
CVE
added 2015/10/19 10:0 a.m.140 views

CVE-2015-0275

CVE-2015-0275 affects the Linux kernel ext4 subsystem: the ext4_zero_range function in fs/ext4/extents.c allows local users to trigger a denial of service via a crafted fallocate zero-range request. The linked MiracleLinux/Unity Linux Nessus entries reproduce this: the vulnerability is described ...

4.9CVSS4.8AI score0.00457EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.140 views

CVE-2016-0650

CVE-2016-0650 is described in the connected documents as an unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component that could allow a local/remote attacker to impact availability (DoS). The public details indicate the issue affects MySQL/MariaDB families acr...

5.5CVSS4.4AI score0.01684EPSS
Total number of security vulnerabilities229