Lucene search
K
OracleLinux

229 matches found

CVE
CVE
added 2016/03/13 6:0 p.m.108 views

CVE-2016-2791

Summary: CVE-2016-2791 affects the Graphite 2 font library (graphite2) shipped with Graphite-based builds and Mozilla Firefox. The issue is in graphite2::GlyphCache::glyph, where a crafted Graphite font can trigger a buffer over-read, potentially allowing a denial of service and other unspecified...

8.8CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.106 views

CVE-2015-8922

CVE-2015-8922 affects libarchive where the read_CodersInfo function in archive_read_support_format_7zip.c can dereference a NULL pointer when parsing a crafted 7z file, causing a denial of service/crash. Affected versions are libarchive before 3.2.0. Root cause involves the _7z_folder struct hand...

5.5CVSS6.1AI score0.02058EPSS
CVE
CVE
added 2015/05/26 3:0 p.m.105 views

CVE-2015-3812

Wireshark CVE-2015-3812 affects the X11 dissector. Affected versions include 1.10.x before 1.10.14 and 1.12.x before 1.12.5, where multiple memory leaks occur in x11_init_protocol (epan/dissectors/packet-x11.c) that can be triggered by a crafted packet, enabling remote denial of service through m...

7.8CVSS5.3AI score0.03731EPSS
CVE
CVE
added 2016/04/15 2:0 p.m.104 views

CVE-2010-5325

The CVE-2010-5325 entry concerns a heap-based buffer overflow in the unhtmlify function of foomatic-rip within foomatic-filters before 4.0.6. A long job title can trigger memory corruption, potentially crashing the process or enabling arbitrary code execution. Affected component: foomatic-filters...

9.8CVSS9AI score0.05483EPSS
CVE
CVE
added 2015/05/26 3:0 p.m.104 views

CVE-2015-3811

Wireshark CVE-2015-3811 affects the WCP dissector (epan/dissectors/packet-wcp.c). The vulnerability arises when the WCP parser improperly references previously processed bytes, allowing a remote attacker to crash the application via a crafted packet. Affected versions are Wireshark 1.10.x prior t...

5CVSS5.3AI score0.02956EPSS
CVE
CVE
added 2007/12/18 1:0 a.m.103 views

CVE-2007-6283

CVE-2007-6283 concerns ISC BIND permissions: Red Hat Enterprise Linux 5 and Fedora install /etc/rndc.key as world-readable, enabling local users to execute unauthorized named commands and potentially cause a denial of service (e.g., stopping named). Root cause: rndc.key permissions misconfigured....

4.9CVSS7AI score0.00421EPSS
CVE
CVE
added 2016/05/10 7:0 p.m.103 views

CVE-2016-4553

CVE-2016-4553 affects Squid, where the HTTP request handling fails to ignore the Host header for absolute URIs in the request line. This allows remote attackers to perform cache-poisoning. Affected versions are Squid < 3.5.18 and 4.x

8.6CVSS8.2AI score0.79969EPSS
CVE
CVE
added 2015/03/08 2:0 a.m.102 views

CVE-2015-2189

Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 are affected by CVE-2015-2189 due to an off-by-one error in pcapng_read in wiretap/pcapng.c. This causes an out-of-bounds read and potential denial of service when processing crafted packets with an invalid Interface Statistics Block (ISB) ...

5CVSS5.1AI score0.046EPSS
CVE
CVE
added 2015/08/24 11:0 p.m.101 views

CVE-2015-6248

CVE-2015-6248 affects Wireshark 1.12.x prior to 1.12.7. The ptvcursor_add function in epan/proto.c does not verify that the expected amount of data is available, allowing remote attackers to trigger a denial of service (application crash) by sending a crafted packet. The issue is mitigated by upg...

4.3CVSS5.1AI score0.0298EPSS
CVE
CVE
added 2016/05/23 10:0 a.m.101 views

CVE-2016-4951

CVE-2016-4951 refers to a vulnerability in the Linux kernel (tipc_nl_publ_dump in net/tipc/socket.c) present up to version 4.6. The function does not verify socket existence, allowing a local attacker to trigger a denial of service via a NULL pointer dereference that can crash the system, potenti...

7.8CVSS7.5AI score0.00515EPSS
CVE
CVE
added 2015/01/10 2:0 a.m.99 views

CVE-2015-0564

CVE-2015-0564 detail (Wireshark): A buffer underflow in the ssl_decrypt_record function (epan/dissectors/packet-ssl-utils.c) affects Wireshark 1.10.x prior to 1.10.12 and 1.12.x prior to 1.12.3. A crafted SSL packet can be improperly handled during decryption, enabling a remote attacker to cause ...

5CVSS5.1AI score0.02775EPSS
CVE
CVE
added 2014/06/23 10:0 a.m.96 views

CVE-2014-0203

CVE-2014-0203 affects the Linux kernel up to version 2.6.32.x, where the __do_follow_link function in fs/namei.c mishandles the last pathname component for certain filesystems, enabling a local attacker to trigger a denial of service (incorrect free operations and system crash) via an open() call...

5.5CVSS4.9AI score0.00538EPSS
CVE
CVE
added 2015/03/08 2:0 a.m.96 views

CVE-2015-2188

Wireshark vulnerability CVE-2015-2188 affects the WCP dissector (epan/dissectors/packet-wcp.c). The issue is that the data structure is not properly initialized, allowing a crafted packet (via decompression) to trigger an out-of-bounds read and crash the application, enabling a remote DoS. Affect...

5CVSS5.1AI score0.04422EPSS
CVE
CVE
added 2017/03/15 7:0 p.m.95 views

CVE-2015-8896

CVE-2015-8896 is an ImageMagick vulnerability involving an integer truncation in coders/pict.c. A remote attacker can cause a denial of service (application crash) by processing a crafted .pict file. The issue is documented across multiple connected advisories (e.g., MiracleLinux, EulerOS, CNVD) ...

6.5CVSS6.3AI score0.02902EPSS
CVE
CVE
added 2015/05/18 3:0 p.m.93 views

CVE-2015-3455

Squid 3.x is affected when configured with client-first SSL-bump: it does not properly validate the domain/hostname in X.509 certificates, allowing man-in-the-middle attackers to spoof SSL servers with a valid certificate. Affected versions are Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4....

2.6CVSS7.2AI score0.11402EPSS
CVE
CVE
added 2015/08/24 11:0 p.m.93 views

CVE-2015-6244

The CVE-2015-6244 issue affects Wireshark’s ZigBee dissector (epan/dissectors/packet-zbee-security.c). The vulnerability is due to the dissect_zbee_secure function improperly relying on length fields contained in packet data, enabling a remote attacker to crash the application via a crafted ZigBe...

4.3CVSS5.1AI score0.03241EPSS
CVE
CVE
added 2015/08/24 11:0 p.m.92 views

CVE-2015-6245

CVE-2015-6245 affects Wireshark 1.12.x (GSM RLC/MAC dissector). The GSM RLC/MAC dissector uses incorrect integer data types, enabling an attacker to cause a denial of service via a crafted packet that triggers an infinite loop. The vulnerability is addressed in Wireshark 1.12.7 (and related advis...

4.3CVSS5.1AI score0.02946EPSS
CVE
CVE
added 2015/08/24 11:0 p.m.90 views

CVE-2015-6246

Wireshark 1.12.x before 1.12.7 is affected by CVE-2015-6246 due to the dissect_wa_payload function in epan/dissectors/packet-waveagent.c (WaveAgent dissector) mishandling large tag values, allowing a remote attacker to crash the application via a crafted packet (network vector, medium complexity,...

4.3CVSS5.1AI score0.02963EPSS
CVE
CVE
added 2015/08/24 11:0 p.m.88 views

CVE-2015-6243

CVE-2015-6243 affects Wireshark 1.12.x prior to 1.12.7. The dissector-table in epan/packet.c mishandles searches for empty strings, enabling a remote attacker to cause a denial of service (application crash) via a crafted packet, specifically related to the functions dissector_get_string_handle a...

4.3CVSS5.2AI score0.02963EPSS
CVE
CVE
added 2016/09/07 8:0 p.m.84 views

CVE-2016-5404

The CVE-2016-5404 vulnerability affects FreeIPA’s cert_revoke command, which fails to enforce the revoke certificate permission. This allows remote authenticated users to revoke arbitrary certificates by leveraging the retrieve certificate permission. The issue is described across multiple adviso...

6.5CVSS6.3AI score0.02585EPSS
CVE
CVE
added 2016/08/10 2:0 p.m.82 views

CVE-2016-5408

CVE-2016-5408 is a stack-based buffer overflow in squid’s cachemgr.cgi (munge_other_line) that exists in the Squid package before 3.1.23-16.el6_8.6 for Red Hat Enterprise Linux 6, caused by an incomplete fix for CVE-2016-4051. The issue enables remote code execution via unspecified vectors; it is...

9.8CVSS8.9AI score0.04352EPSS
CVE
CVE
added 2016/09/30 2:0 p.m.71 views

CVE-2016-0617

CVE-2016-0617 corresponds to an unspecified vulnerability in the kernel-uek component of Oracle Linux 6. The CVSS data indicates a local-privilege context with a local attacker, aiming to affect availability (Impact: Availability = HIGH; Integrity/Confidentiality = NONE). Publicly detailed exploi...

5.5CVSS6.2AI score0.0034EPSS
CVE
CVE
added 2021/09/24 6:55 p.m.70 views

CVE-2021-2464

CVE-2021-2464 affects Oracle Linux OSwatcher (OSwatcher component) on Oracle Linux 7 and 8. The vulnerability is described as easily exploitable by a low-privilege attacker with logon to the infrastructure where Oracle Linux runs, potentially leading to takeover of Oracle Linux. CVSS 3.1 base sco...

7.8CVSS7.5AI score0.00323EPSS
CVE
CVE
added 2022/06/14 5:50 p.m.61 views

CVE-2022-21504

CVE-2022-21504 affects Oracle UEK 6 U3, where a missing file descriptor count in UEK6 U3 can lead to a use-after-free-like condition: a socket’s descriptor may be closed/freed while still in use, allowing local access to cause a denial of service. The CVE is documented with CVSS 3.1 base score 5....

5.5CVSS5.2AI score0.00248EPSS
CVE
CVE
added 2011/10/18 10:0 p.m.51 views

CVE-2011-2306

CVE-2011-2306 affects Oracle Linux 4 and 5 via the oracle-validated component. The NVD description notes an unspecified vulnerability allowing remote authenticated users to compromise confidentiality and integrity through unknown vectors related to “Oracle validated.” The connected Nessus entry (...

5.5CVSS5.3AI score0.01296EPSS
CVE
CVE
added 2014/11/15 9:0 p.m.50 views

CVE-2014-8566

CVE-2014-8566 affects the mod_auth_mellon module prior to version 0.8.1. The root cause is a session handling flaw where sessions overlap in memory, described as a “session overflow,” which can allow remote attackers to disclose sensitive information or trigger a denial of service (segmentation f...

6.4CVSS6.4AI score0.02731EPSS
CVE
CVE
added 2026/05/01 5:53 p.m.20 views

CVE-2026-35233

CVE-2026-35233 is active in the Oracle Linux dtrace subsystem. An unprivileged user can craft a binary with an out-of-range sh_link, enabling an ELF parser to read memory beyond the allocated section cache due to missing bounds checks during object symbol table construction. This can cause a NULL...

4.4CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2026/03/16 9:36 p.m.16 views

CVE-2026-21991

The CVE-2026-21991 issue affects the DTrace component dtprobed, specifically its handling of USDT probes, enabling arbitrary file creation through crafted provider names. Multiple connected advisories confirm dtprobed as the vulnerable element and describe the risk of code execution as a worst-ca...

5.5CVSS5.9AI score0.00181EPSS
CVE
CVE
added 2026/05/01 5:51 p.m.12 views

CVE-2026-21996

CVE-2026-21996 affects dtrace: an unprivileged, local attacker can trigger a crash in the dtrace process by feeding a malicious ELF binary, caused by an integer Divide-by-Zero in Pbuild_file_symtab(). Several advisories (e.g., Oracle ELSA-2026-50249) indicate a security update addressing this iss...

5.5CVSS5.8AI score0.0011EPSS
Total number of security vulnerabilities229