Lucene search

K
RedhatEnterprise Linux Desktop7.0

1020 matches found

CVE
CVE
added 2016/06/07 2:6 p.m.67 views

CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.1CVSS7.4AI score0.00092EPSS
CVE
CVE
added 2014/11/13 9:32 p.m.66 views

CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing r...

5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2014/12/08 4:59 p.m.66 views

CVE-2014-9273

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

4.6CVSS7.1AI score0.00179EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.66 views

CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service ...

8.1CVSS7.7AI score0.00177EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.66 views

CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

7CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.65 views

CVE-2016-3099

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

7.5CVSS5.3AI score0.0028EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.65 views

CVE-2016-7050

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

9.8CVSS9.5AI score0.01077EPSS
CVE
CVE
added 2016/12/14 10:59 p.m.64 views

CVE-2014-8241

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

9.8CVSS9AI score0.0454EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.64 views

CVE-2016-4992

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.

7.5CVSS8.3AI score0.00331EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.64 views

CVE-2016-5416

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

7.5CVSS8.2AI score0.00316EPSS
CVE
CVE
added 2018/07/27 8:29 p.m.64 views

CVE-2017-15101

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

9.8CVSS8AI score0.00316EPSS
CVE
CVE
added 2017/07/25 6:29 p.m.63 views

CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

5.5CVSS5.2AI score0.00067EPSS
CVE
CVE
added 2017/04/11 6:59 p.m.63 views

CVE-2016-4445

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

7CVSS6.8AI score0.0007EPSS
CVE
CVE
added 2016/07/12 7:59 p.m.63 views

CVE-2016-5009

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

6.5CVSS6.1AI score0.01361EPSS
CVE
CVE
added 2017/04/11 6:59 p.m.61 views

CVE-2016-4444

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

7CVSS6.9AI score0.0007EPSS
CVE
CVE
added 2018/06/22 1:29 p.m.56 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

6.5CVSS6.1AI score0.10986EPSS
CVE
CVE
added 2014/05/02 2:55 p.m.55 views

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

2.1CVSS6.2AI score0.00074EPSS
CVE
CVE
added 2014/12/25 9:59 p.m.52 views

CVE-2014-7300

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a...

7.2CVSS7.2AI score0.00044EPSS
CVE
CVE
added 2017/04/11 6:59 p.m.51 views

CVE-2016-4989

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in ...

7CVSS6.8AI score0.0007EPSS
CVE
CVE
added 2017/04/11 6:59 p.m.50 views

CVE-2016-4446

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

7CVSS6.9AI score0.0007EPSS
Total number of security vulnerabilities1020