Enterprise Linux Eus Security Vulnerabilities and Issues — Page 14 of Enterprise Linux Eus CVE List

Lucene search

RedhatEnterprise Linux Eus

778 matches found

CVE•added 2013/04/17 12:14 p.m.•101 views

CVE-2013-1506

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

2.8CVSS4.3AI score0.00552EPSS

CVE•added 2014/11/01 11:55 p.m.•101 views

CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

2.1CVSS6.1AI score0.00092EPSS

CVE•added 2011/04/10 2:51 a.m.•100 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS

CVE•added 2012/06/05 11:55 p.m.•100 views

CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) m...

9.3CVSS9.9AI score0.01248EPSS

CVE•added 2012/08/29 10:56 a.m.•100 views

CVE-2012-3961

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap me...

10CVSS9.4AI score0.02093EPSS

CVE•added 2012/08/29 10:56 a.m.•100 views

CVE-2012-3967

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remo...

9.3CVSS9.3AI score0.00593EPSS

CVE•added 2013/04/17 12:19 p.m.•100 views

CVE-2013-1531

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

6.5CVSS4.3AI score0.00473EPSS

CVE•added 2014/03/19 10:55 a.m.•100 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS

CVE•added 2013/01/17 1:55 a.m.•99 views

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

4CVSS4.5AI score0.0071EPSS

CVE•added 2012/05/03 10:55 p.m.•99 views

CVE-2012-1688

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

4CVSS4.4AI score0.00607EPSS

CVE•added 2013/01/13 8:55 p.m.•99 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS

CVE•added 2017/02/15 7:59 p.m.•99 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.00401EPSS

CVE•added 2012/08/29 10:56 a.m.•98 views

CVE-2012-1973

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial ...

10CVSS9.4AI score0.04246EPSS

CVE•added 2013/01/13 8:55 p.m.•98 views

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denia...

9.3CVSS9.9AI score0.01145EPSS

CVE•added 2013/04/17 5:55 p.m.•98 views

CVE-2013-2389

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00622EPSS

CVE•added 2018/06/11 9:29 p.m.•98 views

CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird

5.3CVSS6.1AI score0.01565EPSS

CVE•added 2012/10/17 12:55 a.m.•97 views

CVE-2012-3197

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS4.2AI score0.00594EPSS

CVE•added 2012/08/29 10:56 a.m.•97 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS

CVE•added 2013/04/17 12:19 p.m.•97 views

CVE-2013-1521

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

6.5CVSS4.3AI score0.00465EPSS

CVE•added 2014/06/05 8:55 p.m.•97 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.06623EPSS

CVE•added 2016/05/25 3:59 p.m.•97 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

6.5CVSS6.4AI score0.00064EPSS

CVE•added 2011/08/29 3:55 p.m.•96 views

CVE-2011-2821

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

7.5CVSS8.7AI score0.02282EPSS

CVE•added 2012/06/16 12:55 a.m.•96 views

CVE-2011-3193

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

9.3CVSS7.8AI score0.03158EPSS

CVE•added 2013/10/16 5:55 p.m.•96 views

CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn...

10CVSS6.3AI score0.14276EPSS

CVE•added 2014/11/14 3:59 p.m.•96 views

CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

5CVSS5.8AI score0.03847EPSS

CVE•added 2015/05/14 10:59 a.m.•96 views

CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v...

6.8CVSS8AI score0.07609EPSS

CVE•added 2009/10/20 5:30 p.m.•95 views

CVE-2009-2910

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

2.1CVSS5.9AI score0.00052EPSS

CVE•added 2012/10/17 12:55 a.m.•95 views

CVE-2012-3173

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

4CVSS4.2AI score0.00635EPSS

CVE•added 2012/11/23 8:55 p.m.•95 views

CVE-2012-3515

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

7.2CVSS5.9AI score0.00054EPSS

CVE•added 2012/11/21 12:55 p.m.•95 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS

CVE•added 2013/04/17 12:19 p.m.•95 views

CVE-2013-1544

4CVSS4.3AI score0.00562EPSS

CVE•added 2014/04/16 2:55 a.m.•95 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

3.5CVSS3.9AI score0.01187EPSS

CVE•added 2014/12/12 3:59 p.m.•95 views

CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

7.5CVSS7.1AI score0.02455EPSS

CVE•added 2012/05/17 11:0 a.m.•94 views

CVE-2012-0207

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

7.8CVSS6.9AI score0.1317EPSS

CVE•added 2012/07/17 10:55 p.m.•94 views

CVE-2012-1734

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.3AI score0.00447EPSS

CVE•added 2013/04/17 5:55 p.m.•94 views

CVE-2013-2391

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

3CVSS4.2AI score0.00154EPSS

CVE•added 2009/11/16 7:30 p.m.•93 views

CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

7.1CVSS6.4AI score0.00044EPSS

CVE•added 2011/03/15 5:55 p.m.•93 views

CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid point...

5.7CVSS6.2AI score0.00442EPSS

CVE•added 2012/08/29 10:56 a.m.•93 views

CVE-2012-1975

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service ...

10CVSS9.4AI score0.03305EPSS

CVE•added 2012/11/21 12:55 p.m.•93 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS

CVE•added 2013/04/17 5:55 p.m.•93 views

CVE-2013-2392

4CVSS4.3AI score0.00622EPSS

CVE•added 2018/08/20 9:29 p.m.•93 views

CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.8AI score0.00145EPSS

CVE•added 2012/08/29 10:56 a.m.•92 views

CVE-2012-1974

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of s...

10CVSS9.4AI score0.03305EPSS

CVE•added 2012/06/13 10:24 a.m.•92 views

CVE-2012-2313

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

1.2CVSS5.5AI score0.00224EPSS

CVE•added 2013/02/19 11:55 p.m.•92 views

CVE-2013-0782

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified ...

9.3CVSS9.8AI score0.02889EPSS

CVE•added 2014/07/20 11:12 a.m.•92 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS

CVE•added 2024/06/06 6:15 a.m.•92 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

5.9CVSS5.4AI score0.00618EPSS

CVE•added 2012/08/29 10:56 a.m.•91 views

CVE-2012-3957

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.02961EPSS

CVE•added 2013/01/13 8:55 p.m.•91 views

CVE-2013-0759

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in t...

5CVSS6.3AI score0.01368EPSS

CVE•added 2013/04/17 12:19 p.m.•91 views

CVE-2013-1532

4CVSS4.3AI score0.00622EPSS

Total number of security vulnerabilities778