Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OracleLinux

226 matches found

CVE
CVEadded 2015/05/26 3:59 p.m.92 views

CVE-2015-3812

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.

7.8CVSS5.3AI score0.00656EPSS
CVE
CVEadded 2015/05/26 3:59 p.m.90 views

CVE-2015-3811

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015...

5CVSS5.3AI score0.00344EPSS
CVE
CVEadded 2016/09/20 2:15 p.m.89 views

CVE-2015-8922

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

5.5CVSS6.1AI score0.00368EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.89 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS
CVE
CVEadded 2016/05/10 7:59 p.m.87 views

CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

8.6CVSS8.2AI score0.39528EPSS
CVE
CVEadded 2007/12/18 1:46 a.m.86 views

CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

4.9CVSS7AI score0.00099EPSS
CVE
CVEadded 2016/04/15 2:59 p.m.86 views

CVE-2010-5325

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

9.8CVSS9AI score0.05963EPSS
CVE
CVEadded 2015/03/08 2:59 a.m.86 views

CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) inte...

5CVSS5.1AI score0.00295EPSS
CVE
CVEadded 2015/08/24 11:59 p.m.83 views

CVE-2015-6248

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.0067EPSS
CVE
CVEadded 2017/03/15 7:59 p.m.83 views

CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

6.5CVSS6.3AI score0.00228EPSS
CVE
CVEadded 2015/01/10 2:59 a.m.81 views

CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL ...

5CVSS5.1AI score0.00619EPSS
CVE
CVEadded 2015/08/24 11:59 p.m.81 views

CVE-2015-6244

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.00792EPSS
CVE
CVEadded 2014/06/23 11:21 a.m.80 views

CVE-2014-0203

The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.

5.5CVSS4.9AI score0.00043EPSS
CVE
CVEadded 2015/08/24 11:59 p.m.79 views

CVE-2015-6245

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3CVSS5.1AI score0.00378EPSS
CVE
CVEadded 2015/08/24 11:59 p.m.79 views

CVE-2015-6246

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.00661EPSS
CVE
CVEadded 2016/05/23 10:59 a.m.78 views

CVE-2016-4951

The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.

7.8CVSS7.5AI score0.00138EPSS
CVE
CVEadded 2015/03/08 2:59 a.m.77 views

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly ...

5CVSS5.1AI score0.00344EPSS
CVE
CVEadded 2015/05/18 3:59 p.m.73 views

CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificat...

2.6CVSS7.2AI score0.02109EPSS
CVE
CVEadded 2015/08/24 11:59 p.m.73 views

CVE-2015-6243

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_ge...

4.3CVSS5.2AI score0.00661EPSS
CVE
CVEadded 2016/09/07 8:59 p.m.67 views

CVE-2016-5404

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

6.5CVSS6.3AI score0.00664EPSS
CVE
CVEadded 2016/08/10 2:59 p.m.65 views

CVE-2016-5408

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-201...

9.8CVSS8.9AI score0.05371EPSS
CVE
CVEadded 2021/09/24 7:15 p.m.57 views

CVE-2021-2464

Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability c...

7.8CVSS7.5AI score0.00064EPSS
CVE
CVEadded 2016/09/30 2:59 p.m.56 views

CVE-2016-0617

Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.

5.5CVSS6.2AI score0.00062EPSS
CVE
CVEadded 2022/06/14 6:15 p.m.52 views

CVE-2022-21504

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, ...

5.5CVSS5.2AI score0.00205EPSS
CVE
CVEadded 2011/10/18 10:55 p.m.42 views

CVE-2011-2306

Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated."

5.5CVSS5.3AI score0.00206EPSS
CVE
CVEadded 2014/11/15 9:59 p.m.38 views

CVE-2014-8566

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."

6.4CVSS6.4AI score0.01092EPSS
Total number of security vulnerabilities226