Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2018/03/16 4:29 p.m.321 views

CVE-2018-1068

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

7.2CVSS6.3AI score0.00053EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.321 views

CVE-2018-3058

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

4.3CVSS4.2AI score0.00144EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.320 views

CVE-2018-3169

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

8.3CVSS8.6AI score0.00197EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.319 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS8.6AI score0.00105EPSS
Web
CVE
CVE
added 2019/10/16 6:15 p.m.318 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4AI score0.00187EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.317 views

CVE-2019-2999

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS4.9AI score0.02008EPSS
CVE
CVE
added 2014/03/11 1:1 p.m.316 views

CVE-2014-0101

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system cra...

7.8CVSS5.9AI score0.03091EPSS
CVE
CVE
added 2018/01/24 10:29 p.m.316 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned...

9.8CVSS8AI score0.06767EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.316 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS6.7AI score0.00399EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.316 views

CVE-2019-2964

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multi...

4.3CVSS3.9AI score0.00256EPSS
CVE
CVE
added 2017/12/07 7:29 p.m.315 views

CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By ...

7.5CVSS7.1AI score0.03286EPSS
CVE
CVE
added 2018/08/01 5:29 p.m.315 views

CVE-2018-10897

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversa...

9.3CVSS7.8AI score0.03696EPSS
CVE
CVE
added 2018/04/23 7:29 p.m.315 views

CVE-2018-8781

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.314 views

CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS4.3AI score0.00166EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.313 views

CVE-2019-2988

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00241EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.313 views

CVE-2020-6404

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7.7AI score0.01744EPSS
Web
CVE
CVE
added 2023/03/27 9:15 p.m.312 views

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs pri...

7.8CVSS7.9AI score0.00577EPSS
CVE
CVE
added 2018/08/22 2:29 p.m.311 views

CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

8.1CVSS7.6AI score0.02128EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.311 views

CVE-2019-3896

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

7.8CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.310 views

CVE-2017-14494

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

5.9CVSS7.3AI score0.15405EPSS
Web
CVE
CVE
added 2019/10/16 6:15 p.m.310 views

CVE-2019-2989

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

6.8CVSS6.4AI score0.01604EPSS
CVE
CVE
added 2023/02/01 5:15 p.m.308 views

CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

8.8CVSS8.4AI score0.0009EPSS
CVE
CVE
added 2017/12/11 9:29 p.m.307 views

CVE-2017-1000407

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

7.4CVSS5.9AI score0.00458EPSS
CVE
CVE
added 2019/01/25 6:29 p.m.307 views

CVE-2018-16881

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

7.5CVSS7.1AI score0.02784EPSS
CVE
CVE
added 2019/01/28 3:29 p.m.307 views

CVE-2019-3815

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-j...

3.3CVSS6AI score0.0015EPSS
CVE
CVE
added 2018/07/24 8:29 p.m.306 views

CVE-2018-10906

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attac...

7.8CVSS7.5AI score0.00058EPSS
Web
CVE
CVE
added 2018/01/18 2:29 a.m.306 views

CVE-2018-2582

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

6.5CVSS5.5AI score0.00144EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.306 views

CVE-2019-2816

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

5.8CVSS4.2AI score0.00137EPSS
CVE
CVE
added 2020/01/10 10:15 p.m.306 views

CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02899EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.305 views

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4AI score0.00256EPSS
CVE
CVE
added 2012/06/09 12:55 a.m.301 views

CVE-2012-2037

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.25628EPSS
In wild
CVE
CVE
added 2018/07/10 2:29 p.m.301 views

CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are ...

6.5CVSS6.9AI score0.00144EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.300 views

CVE-2019-2981

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00209EPSS
CVE
CVE
added 2016/07/23 7:59 p.m.299 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04195EPSS
CVE
CVE
added 2018/05/23 1:29 p.m.298 views

CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution...

7.8CVSS8.3AI score0.0028EPSS
CVE
CVE
added 2019/01/14 7:29 p.m.298 views

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a rem...

8.1CVSS7.9AI score0.00738EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.298 views

CVE-2019-2962

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00256EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.296 views

CVE-2019-2987

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vu...

4.3CVSS4.1AI score0.00365EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.295 views

CVE-2018-3136

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.4CVSS4.7AI score0.00162EPSS
CVE
CVE
added 2018/06/08 9:29 p.m.294 views

CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent ...

7.5CVSS7.8AI score0.01336EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.294 views

CVE-2019-2992

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00565EPSS
CVE
CVE
added 2018/07/26 6:29 p.m.293 views

CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

7.8CVSS7.4AI score0.00044EPSS
CVE
CVE
added 2019/04/11 4:29 p.m.293 views

CVE-2019-3460

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.5CVSS7AI score0.00188EPSS
CVE
CVE
added 2020/01/31 11:15 p.m.292 views

CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09808EPSS
CVE
CVE
added 2018/05/10 1:29 p.m.292 views

CVE-2018-1130

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

5.5CVSS5.9AI score0.0003EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.292 views

CVE-2018-3066

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS3.6AI score0.0013EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.292 views

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

6.8CVSS6.7AI score0.00478EPSS
CVE
CVE
added 2018/04/24 6:29 a.m.291 views

CVE-2018-10322

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.

5.5CVSS6.5AI score0.00051EPSS
CVE
CVE
added 2018/07/05 6:29 p.m.291 views

CVE-2018-12910

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

9.8CVSS8.7AI score0.06804EPSS
CVE
CVE
added 2018/05/15 4:29 p.m.290 views

CVE-2018-1087

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch o...

8CVSS6.3AI score0.0003EPSS
Total number of security vulnerabilities1928