Lucene search
K
OracleLinux

229 matches found

CVE
CVE
added 2016/03/13 6:0 p.m.140 views

CVE-2016-1958

The CVE-2016-1958 issue affects Mozilla Firefox and Firefox ESR: browser address bar spoofing via javascript: URLs in Firefox <= 45.0 and ESR

4.3CVSS6.6AI score0.02227EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.139 views

CVE-2016-2797

Graphite 2 before 1.3.6 is affected by CVE-2016-2797 via the TtfUtil::CmapSubtable12Lookup path. The vulnerability exists when Graphite is used by Firefox before 45.0 and Firefox ESR 38.x before 38.7, allowing a crafted Graphite smart font to cause a denial-of-service (buffer over-read) or simila...

8.8CVSS7.3AI score0.02708EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.139 views

CVE-2016-5265

CVE-2016-5265 affects Mozilla Firefox and Firefox ESR. The initial description states that Firefox before 48.0 and Firefox ESR 45.x before 45.3 can allow a user-assisted remote attacker to bypass the Same Origin Policy, perform UXSS, or read arbitrary files by placing a crafted HTML document and ...

5.5CVSS6.8AI score0.01247EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.138 views

CVE-2016-0598

CVE-2016-0598 – Oracle MySQL/MariaDB DML-related DoS . The connected sources confirm a vulnerability in Oracle MySQL Server and MariaDB families where remote authenticated users can cause a denial of service via DML-related vectors. Affected versions include MySQL 5.5.46 and earlier, 5.6.27 and e...

3.5CVSS5AI score0.03404EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.138 views

CVE-2016-0646

CVE-2016-0646 is an unspecified vulnerability in Oracle MySQL Server (DML-related) that can affect availability via local access. Connected advisories confirm multiple MariaDB/MySQL fixes and provide concrete remediations: upgrade to fixed upstream versions (e.g., MariaDB 10.0.25+ per Debian DSA-...

5.5CVSS4.4AI score0.01684EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.138 views

CVE-2016-4809

The CVE-2016-4809 vulnerability affects libarchive (archive_read_format_cpio_read_header in archive_read_support_format_cpio.c) and allows a remote attacker to cause an application crash (DoS) by processing a CPIO archive containing a large symlink. Affected upstream is libarchive

7.5CVSS7.1AI score0.04773EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.138 views

CVE-2016-5444

CVE-2016-5444 is an unspecified vulnerability in Oracle MySQL Server and MariaDB that allows remote attackers to affect confidentiality via the Server: Connection vector. Affected are MySQL: 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier; MariaDB before 5.5.49, 10.0.x before 10.0.25, ...

4.3CVSS4.6AI score0.03764EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.137 views

CVE-2014-3647

CVE-2014-3647 affects the Linux kernel KVM emulation path: arch/x86/kvm/emulate.c. The root cause is improper handling of RIP changes during instruction emulation, enabling a local guest OS user to crash the guest (DoS) with a crafted application in kernels up to 3.17.2. The provided connected do...

5.5CVSS5.5AI score0.00588EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.137 views

CVE-2016-5252

CVE-2016-5252 describes a stack-based buffer underflow in the Mozilla Firefox gfx BasePoint4d during 2D clipping region calculations, enabling remote code execution via crafted graphics data. Affected products include Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3. The issue stems f...

8.8CVSS9.4AI score0.03065EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.137 views

CVE-2016-5258

CVE-2016-5258 is a use-after-free vulnerability in Firefox’s WebRTC DTLS handling, specifically a memory misreference in the WebRTC socket thread during shutdown of a WebRTC session. Public sources consistently describe it as allowing remote code execution due to incorrect free operations on DTLS...

8.8CVSS9.3AI score0.03259EPSS
CVE
CVE
added 2014/04/01 1:0 a.m.136 views

CVE-2014-2678

CVE-2014-2678 affects the Linux kernel (net/rds/iw.c). The rds_iw_laddr_check function can be triggered by a bind() on an RDS socket on systems lacking RDS transports, enabling local attackers to cause a NULL pointer dereference and a system crash (DoS). This is described as affecting kernels up ...

4.7CVSS6.7AI score0.00403EPSS
CVE
CVE
added 2015/07/20 11:0 p.m.136 views

CVE-2015-0253

CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...

5CVSS7.9AI score0.14734EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.136 views

CVE-2015-4879

CVE-2015-4879 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.44 and earlier, and 5.6.25 and earlier) that allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. The IBM Guardium advisory (CVE-2015-4879) documents...

4.6CVSS5AI score0.04172EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.136 views

CVE-2016-0597

CVE-2016-0597 is an unspecified vulnerability in Oracle MySQL Server and MariaDB affecting the optimizer component that could allow remote authenticated users to cause a denial of service via unknown/optimizer-related vectors. The initial records list vulnerable families across MySQL/MariaDB rele...

4CVSS5AI score0.043EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.136 views

CVE-2016-0608

CVE-2016-0608 is an unspecified vulnerability in Oracle MySQL Server and MariaDB affecting multiple tracks (MySQL 5.5.46 and earlier, 5.6.27 and earlier, 5.7.9; MariaDB before 5.5.47; MySQL 10.0.x before 10.0.23; 10.1.x before 10.1.10) that allows remote authenticated users to affect availability...

3.5CVSS5AI score0.03404EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.133 views

CVE-2014-1738

CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...

2.1CVSS5.9AI score0.00524EPSS
CVE
CVE
added 2015/12/07 8:0 p.m.133 views

CVE-2015-3276

The CVE-2015-3276 entry concerns the OpenLDAP component and its function nss_parse_ciphers in tls_m.c, which does not correctly parse OpenSSL-style multi-keyword mode cipher strings. This could cause a cipher weaker than intended to be used, with an impact described as remote, unspecified. Connec...

7.5CVSS7.5AI score0.05333EPSS
CVE
CVE
added 2015/12/02 1:0 a.m.133 views

CVE-2015-8385

CVE-2015-8385 (PCRE) affects PCRE before 8.38. The vulnerability arises when parsing certain forward-referencing patterns like /(?|(\k'Pm')|(?'Pm'))/ in regular expressions, causing a denial of service via a heap-based buffer overflow (remote attacker may craft a regex that triggers it). Multiple...

7.5CVSS7.6AI score0.05623EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.133 views

CVE-2016-0596

CVE-2016-0596 is an unspecified vulnerability in Oracle MySQL Server family (MySQL 5.5.46 and earlier, 5.6.27 and earlier; MariaDB before 5.5.47; 10.0.x before 10.0.23; 10.1.x before 10.1.10) that could allow remote authenticated users to affect availability via DML-related vectors. Public source...

4CVSS5.1AI score0.043EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.133 views

CVE-2016-0600

CVE-2016-0600 is an unspecified vulnerability in Oracle MySQL Server affecting InnoDB across multiple branches: MySQL 5.5.x (≤5.5.46), 5.6.x (≤5.6.27), 5.7.x (≤5.7.9) and MariaDB up to 5.5.46/47, plus 10.0.x ≤10.0.23 and 10.1.x ≤10.1.10. It allows remote authenticated users to cause a denial of s...

3.5CVSS5AI score0.03404EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.133 views

CVE-2016-0609

CVE-2016-0609 is an Oracle MySQL vulnerability affecting multiple branches (MySQL 5.5.46 and earlier; 5.6.27 and earlier; 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; 10.1.x before 10.1.10) where remote authenticated users can affect availability via unknown vectors related to privileg...

1.7CVSS5.1AI score0.03928EPSS
CVE
CVE
added 2015/03/02 11:0 a.m.132 views

CVE-2014-9644

CVE-2014-9644 affects the Linux kernel Crypto API prior to 3.18.5. It allows a local user to load arbitrary kernel modules by abusing a bind() call on an AF_ALG socket with a module template expression (eg, vfat(aes)) in salg_name. This is a local, privilege-related issue, separate from CVE-2013-...

2.1CVSS5.7AI score0.00552EPSS
CVE
CVE
added 2016/08/05 1:0 a.m.132 views

CVE-2016-5254

CVE-2016-5254 is a use-after-free in Firefox’s nsXULPopupManager::KeyDown affecting Firefox < 48.0 and Firefox ESR

9.8CVSS9.6AI score0.02953EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.132 views

CVE-2016-6250

Summary: CVE-2016-6250 affects libarchive’s ISO9660 writer and causes an integer overflow when verifying filename lengths during ISO9660 archive creation, potentially triggering a buffer overflow that can crash the application or allow code execution. Public disclosures and multiple vendor adviso...

8.6CVSS8.8AI score0.06251EPSS
CVE
CVE
added 2014/04/14 11:0 p.m.131 views

CVE-2014-2706

CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...

7.1CVSS7.8AI score0.04354EPSS
CVE
CVE
added 2015/12/02 12:0 a.m.131 views

CVE-2015-8386

Summary (CVE-2015-8386) PCRE before 8.38 mishandles the interaction between lookbehind assertions and mutually recursive subpatterns in crafted regular expressions, allowing remote attackers to cause a denial of service (buffer overflow) or potentially other impact. This vulnerability affects the...

9.8CVSS7.6AI score0.07059EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.131 views

CVE-2016-0649

CVE-2016-0649 is cited in IBM Security Bulletins as an unspecified vulnerability in Oracle MySQL Server related to the Server: PS component that could cause a partial availability DoS. Affected product in this IBM bulletin is PowerKVM (versions 2.1 and 3.1); remediation is to apply updates via yu...

5.5CVSS4.4AI score0.01684EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.131 views

CVE-2016-3452

CVE-2016-3452 is an unspecified vulnerability in Oracle MySQL Server affecting versions up to MySQL 5.5.48/5.6.29/5.7.10 and MariaDB up to 5.5.49 (and related 10.x branches). The vulnerability relates to the Server: Security: Encryption component and can allow remote attackers to affect confident...

4.3CVSS4.6AI score0.03529EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.130 views

CVE-2014-3145

CVE-2014-3145 is disclosed in multiple Nessus advisories linked to the Linux kernel up to 3.14.3. The vulnerability resides in the BPF_S_ANC_NLATTR_NEST extension within sk_run_filter() in net/core/filter.c, where a reverse-order subtraction allows a local user to trigger an over-read leading to ...

4.9CVSS6.1AI score0.00649EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.130 views

CVE-2016-0606

CVE-2016-0606 is an unspecified vulnerability in Oracle MySQL Server and MariaDB related to encryption that can be exploited by remote authenticated users to affect integrity. Affected versions include MySQL 5.5.46 and earlier, 5.6.27 and earlier, 5.7.9 and MariaDB before 5.5.47; also 10.0.x befo...

3.5CVSS5AI score0.03651EPSS
CVE
CVE
added 2016/01/08 9:0 p.m.128 views

CVE-2015-7512

CVE-2015-7512 is a buffer overflow in the PC-Net II Ethernet controller emulation (hw/net/pcnet.c) of QEMU. The flaw occurs when handling packets for guests with a larger MTU, allowing a remote attacker to trigger a denial of service (guest OS crash) or potentially execute arbitrary code. Connect...

9CVSS9.3AI score0.0773EPSS
CVE
CVE
added 2016/05/10 7:0 p.m.128 views

CVE-2016-4555

CVE-2016-4555 affects Squid 3.x (before 3.5.18) and 4.x (before 4.0.10); DoS/crash via crafted Edge Side Includes (ESI) responses due to incorrect pointer handling and ref-counting. Connected advisories indicate fixes in Squid 3.4.8-6+deb8u3 and 3.5.19-1 (Debian), CentOS/RHSA advisories, and Fedo...

7.5CVSS7.5AI score0.5392EPSS
CVE
CVE
added 2016/04/07 7:0 p.m.127 views

CVE-2016-1714

CVE-2016-1714 – QEMU firmware config flaw. Local CAP_SYS_RAWIO users can trigger out-of-bounds reads/writes in hw/nvram/fw_cfg.c (fw_cfg_write/fw_cfg_read) when Firmware Configuration device emulation is enabled, potentially crashing the guest or allowing code execution on the host. Affected: QEM...

8.1CVSS8.5AI score0.06085EPSS
CVE
CVE
added 2014/12/24 6:0 p.m.126 views

CVE-2004-2771

CVE-2004-2771 affects mailx (Heirloom mailx <=12.5 and BSD mailx <=8.1.2). The vulnerability arises from parsing of email addresses, allowing a local attacker to cause mailx to execute arbitrary shell commands via shell metacharacters in the address. Several connected records corroborate im...

7.5CVSS7.8AI score0.06858EPSS
CVE
CVE
added 2015/03/02 11:0 a.m.126 views

CVE-2013-7421

CVE-2013-7421 : Linux kernel Crypto API flaw allows a local user to load arbitrary kernel modules via a bind() on an AF_ALG socket with a salg_name, in kernels before 3.18.5. This is the same class as CVE-2014-9644 and is addressed by the 3.18.5 fix (ChangeLog-3.18.5). Connected IBM and vendor ad...

2.1CVSS5.7AI score0.00716EPSS
CVE
CVE
added 2016/06/01 10:0 p.m.124 views

CVE-2016-5126

Summary of CVE-2016-5126 family in Debian DLA-1927-1 (qemu security update) Debian DLA-1927-1 documents multiple QEMU vulnerabilities, including CVE-2016-5126 (heap-based buffer overflow in iscsi_aio_ioctl in block/iscsi.c) which allows a local guest user to crash the QEMU process or potentially ...

7.8CVSS7.9AI score0.00701EPSS
CVE
CVE
added 2016/01/08 7:0 p.m.122 views

CVE-2015-8668

CVE-2015-8668 is a heap-based buffer overflow in the PackBitsPreEncode function of tif_packbits.c used by bmp2tiff in libtiff (versions

9.8CVSS9.7AI score0.13722EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.122 views

CVE-2016-5844

CVE-2016-5844 is a vulnerability in libarchive prior to 3.2.1 where an integer overflow in the ISO parser can be triggered by a crafted ISO file, leading to denial of service (application crash). Affected components include libarchive and related tools such as bsdtar/cpio. Public advisories (Debi...

6.5CVSS6.5AI score0.04131EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.121 views

CVE-2016-2793

CVE-2016-2793 affects the Graphite 2 font library (CachedCmap.cpp) up to version 1.3.5 used by Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. A crafted Graphite font can trigger a buffer over-read, potentially causing a denial of service or other impact. Remediation, where availabl...

8.8CVSS7.3AI score0.02708EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.121 views

CVE-2016-2798

The CVE-2016-2798 issue affects the Graphite2 font library (Graphite 2) prior to version 1.3.6 used by Mozilla Firefox/Firefox ESR. The vulnerability arises in Graphite2::GlyphCache::Loader::Loader, allowing a remote attacker to trigger a denial of service via a crafted Graphite font, with potent...

8.8CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.118 views

CVE-2016-2795

Graphite 2 vulnerability CVE-2016-2795 affects the Graphite font engine library. The function graphite2::FileFace::get_table_fn in Graphite 2 before 1.3.6 does not initialize memory for an unspecified data structure, enabling a remote attacker to cause denial of service (and possibly other impact...

8.8CVSS7.1AI score0.0227EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.117 views

CVE-2016-2790

The CVE-2016-2790 issue is in Graphite 2 prior to 1.3.6 (graphite2) used by Firefox/Firefox ESR. The root cause is uninitialized memory in Graphite’s TtfUtil::GetTableInfo, enabling a remote attacker to cause a denial of service or potentially other impact via a crafted Graphite font. Impact is t...

8.8CVSS7.1AI score0.0227EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.116 views

CVE-2016-7166

CVE-2016-7166 affects libarchive. The issue arises when processing gzip files: libarchive 3.x allows unlimited recursive decompressions, leading to memory exhaustion and potential application crash (Denial of Service). Affected: libarchive prior to 3.2.0. Impact is a resource exhaustion DoS; no e...

5.5CVSS6.1AI score0.01643EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.115 views

CVE-2016-2799

CVE-2016-2799 is a heap-based buffer overflow in graphite2::Slot::setAttr in Graphite2 up to 1.3.6, impacting Firefox <45.0 and Firefox ESR =1.3.7) to remediate. Monitor vendor advisories for exact fixed versions per distribution.

9.3CVSS7.6AI score0.04889EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.113 views

CVE-2016-5418

CVE-2016-5418 affects libarchive up to and including version 3.2.0, where sandboxing of archives with hardlinks mishandles entries of non-zero data size. This can allow a remote attacker to write to arbitrary files via a crafted archive, as described in multiple advisories. Public reports referen...

7.5CVSS7.5AI score0.04707EPSS
CVE
CVE
added 2015/12/02 1:0 a.m.112 views

CVE-2015-2328

CVE-2015-2328 affects PCRE, where PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ and related recursive patterns. This can enable a remote attacker to trigger a denial of service (segmentation fault) or other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.5CVSS7.5AI score0.05244EPSS
CVE
CVE
added 2015/12/02 1:0 a.m.112 views

CVE-2015-8388

PCRE vulnerability CVE-2015-8388 affects PCRE libraries prior to 8.38. A crafted regular expression, specifically patterns like /(?=di(?

7.5CVSS7.6AI score0.06587EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.112 views

CVE-2016-2802

Summary: CVE-2016-2802 affects Graphite 2 before 1.3.6, used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. The flaw resides in graphite2::TtfUtil::CmapSubtable4NextCodepoint and can be exploited to trigger a crash via a crafted Graphite font (buffer over-read), causing a denial...

8.8CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.110 views

CVE-2016-2794

The CVE-2016-2794 entry concerns Graphite 2 prior to version 1.3.6. The vulnerable function is graphite2::TtfUtil::CmapSubtable12NextCodepoint, used by Mozilla Firefox (before 45.0) and Firefox ESR 38.x (before 38.7). A crafted Graphite font can cause a buffer over-read, leading to a denial of se...

9.3CVSS7.3AI score0.03466EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.110 views

CVE-2016-2801

CVE-2016-2797 describes a vulnerability in Graphite2 where the TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6 can be triggered by a crafted Graphite font, used by Firefox before 45.0 and ESR before 38.7, leading to a denial of service via a buffer over-read. The issue is due to...

8.8CVSS7.3AI score0.0227EPSS
Total number of security vulnerabilities229