Lucene search

K
RedhatEnterprise Linux Eus

778 matches found

CVE
CVE
added 2023/08/25 5:15 p.m.104 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate ...

6.5CVSS6.4AI score0.00019EPSS
CVE
CVE
added 2007/12/04 12:46 a.m.103 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2009/10/19 8:0 p.m.103 views

CVE-2009-3228

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memor...

2.1CVSS6.5AI score0.00077EPSS
CVE
CVE
added 2012/07/17 10:55 p.m.103 views

CVE-2012-1689

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00555EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.103 views

CVE-2012-3167

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

3.5CVSS4.2AI score0.00536EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.103 views

CVE-2012-4194

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to con...

4.3CVSS8.2AI score0.01358EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.103 views

CVE-2013-0767

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary cod...

10CVSS9.5AI score0.01907EPSS
CVE
CVE
added 2011/08/29 6:55 p.m.102 views

CVE-2011-2213

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated ...

4.9CVSS6AI score0.00127EPSS
CVE
CVE
added 2011/07/28 10:55 p.m.102 views

CVE-2011-2492

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net...

1.9CVSS5.9AI score0.00055EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.102 views

CVE-2012-1690

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

4CVSS4.3AI score0.00938EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.102 views

CVE-2012-1702

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

5CVSS4.7AI score0.00839EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.102 views

CVE-2014-1523

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

6.5CVSS7.5AI score0.0054EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.102 views

CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corr...

9.3CVSS8.3AI score0.01722EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.102 views

CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5CVSS8.4AI score0.02089EPSS
CVE
CVE
added 2023/05/17 10:15 p.m.102 views

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a...

8.8CVSS8.9AI score0.00108EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.101 views

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script...

4CVSS9.1AI score0.00653EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.101 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
Web
CVE
CVE
added 2014/04/16 2:55 a.m.101 views

CVE-2014-2430

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

3.5CVSS3.9AI score0.00901EPSS
CVE
CVE
added 2009/03/06 11:30 a.m.100 views

CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS4.6AI score0.00104EPSS
CVE
CVE
added 2016/06/01 10:59 p.m.100 views

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

7.8CVSS7.9AI score0.0017EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.100 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

9.1CVSS9AI score0.005EPSS
CVE
CVE
added 2009/04/09 12:30 a.m.99 views

CVE-2009-0846

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding th...

10CVSS7.5AI score0.23588EPSS
CVE
CVE
added 2011/05/03 8:55 p.m.99 views

CVE-2011-1593

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

4.9CVSS6.1AI score0.00041EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.99 views

CVE-2013-0766

Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to exe...

9.3CVSS9.5AI score0.02851EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.99 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.99 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

6.1CVSS6.9AI score0.00756EPSS
CVE
CVE
added 2014/11/01 11:55 p.m.99 views

CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

2.1CVSS6.1AI score0.00092EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.99 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.00401EPSS
CVE
CVE
added 2024/06/12 9:15 a.m.99 views

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user p...

8.1CVSS7.8AI score0.1679EPSS
Web
CVE
CVE
added 2011/04/10 2:51 a.m.98 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.98 views

CVE-2012-3961

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap me...

10CVSS9.4AI score0.02093EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.98 views

CVE-2012-3991

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have uns...

9.3CVSS9.4AI score0.01916EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.98 views

CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.6AI score0.55611EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.98 views

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote ...

4.3CVSS7.8AI score0.01708EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.98 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.97 views

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

4CVSS4.5AI score0.0071EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.97 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS
CVE
CVE
added 2013/04/17 12:14 p.m.97 views

CVE-2013-1506

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

2.8CVSS4.3AI score0.00552EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.97 views

CVE-2013-1531

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

6.5CVSS4.3AI score0.00473EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.97 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for...

9.3CVSS7.9AI score0.00906EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.97 views

CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird

5.3CVSS6.1AI score0.01565EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.96 views

CVE-2012-1688

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

4CVSS4.4AI score0.00607EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.96 views

CVE-2012-1973

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial ...

10CVSS9.4AI score0.04246EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.96 views

CVE-2012-4185

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor...

9.3CVSS9.6AI score0.05225EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.96 views

CVE-2012-4214

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial ...

9.3CVSS9.1AI score0.04317EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.96 views

CVE-2012-5842

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application ...

9.3CVSS9.4AI score0.0178EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.96 views

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denia...

9.3CVSS9.9AI score0.01145EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.96 views

CVE-2013-2389

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.95 views

CVE-2011-2821

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

7.5CVSS8.7AI score0.02282EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.95 views

CVE-2012-3197

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS4.2AI score0.00316EPSS
Total number of security vulnerabilities778