Lucene search

K
RedhatEnterprise Linux Eus

778 matches found

CVE
CVE
added 2023/09/12 10:15 p.m.535 views

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue ...

5.9CVSS6.9AI score0.00304EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.533 views

CVE-2019-2628

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS4.7AI score0.00161EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.532 views

CVE-2019-2805

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.3AI score0.00361EPSS
CVE
CVE
added 2019/02/15 3:29 p.m.529 views

CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

8.1CVSS7.7AI score0.0706EPSS
CVE
CVE
added 2023/08/23 11:15 a.m.520 views

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.S...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.516 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.8CVSS7.7AI score0.00219EPSS
CVE
CVE
added 2016/11/02 5:59 p.m.515 views

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

7.5CVSS7.4AI score0.4301EPSS
CVE
CVE
added 2018/01/03 6:29 a.m.515 views

CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in a...

10CVSS9.5AI score0.38093EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.515 views

CVE-2019-2510

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS4.9AI score0.00167EPSS
CVE
CVE
added 2018/12/07 9:29 p.m.507 views

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS9.6AI score0.11844EPSS
CVE
CVE
added 2022/03/25 7:15 p.m.498 views

CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges i...

9CVSS9AI score0.58048EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.486 views

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.7AI score0.06081EPSS
CVE
CVE
added 2021/11/23 7:15 p.m.482 views

CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

6.8CVSS5.9AI score0.00113EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.481 views

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8CVSS9.6AI score0.0726EPSS
CVE
CVE
added 2019/05/10 10:29 p.m.480 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

3.3CVSS5.6AI score0.0008EPSS
CVE
CVE
added 2019/08/14 5:15 p.m.476 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary cipher...

8.1CVSS8.4AI score0.03146EPSS
CVE
CVE
added 2020/02/07 3:15 p.m.473 views

CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8CVSS9.5AI score0.32252EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.464 views

CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird

8.8CVSS8.2AI score0.7088EPSS
In wild
CVE
CVE
added 2019/07/30 5:15 p.m.463 views

CVE-2018-16871

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to th...

7.5CVSS7.1AI score0.01525EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.459 views

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

8.8CVSS9.5AI score0.06254EPSS
CVE
CVE
added 2017/01/12 6:59 a.m.456 views

CVE-2016-9131

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

7.5CVSS7.3AI score0.58065EPSS
CVE
CVE
added 2016/07/19 10:59 p.m.452 views

CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

5.9CVSS5.7AI score0.34225EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.452 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network ...

9CVSS8.8AI score0.00221EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.448 views

CVE-2019-2481

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.8AI score0.00113EPSS
CVE
CVE
added 2019/07/16 5:15 p.m.437 views

CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

8.1CVSS8.5AI score0.0375EPSS
CVE
CVE
added 2022/03/25 7:15 p.m.437 views

CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

7.8CVSS7.7AI score0.0005EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.435 views

CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.1CVSS6.4AI score0.00246EPSS
CVE
CVE
added 2019/06/14 2:29 p.m.431 views

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

9.8CVSS9.8AI score0.02811EPSS
CVE
CVE
added 2014/10/10 10:55 a.m.426 views

CVE-2014-3581

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

5CVSS6.2AI score0.02942EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.426 views

CVE-2019-2531

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS4.8AI score0.00131EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.426 views

CVE-2019-2975

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

5.8CVSS4.8AI score0.00273EPSS
CVE
CVE
added 2017/10/24 1:29 a.m.425 views

CVE-2017-12613

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap ...

7.1CVSS7.1AI score0.00294EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.425 views

CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

9.8CVSS6.8AI score0.00802EPSS
CVE
CVE
added 2023/11/03 8:15 a.m.417 views

CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

9.3CVSS6.1AI score0.04954EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.412 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00108EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.411 views

CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message t...

5.5CVSS5.5AI score0.00116EPSS
CVE
CVE
added 2024/02/09 7:16 a.m.408 views

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or re...

7.8CVSS8.2AI score0.00291EPSS
CVE
CVE
added 2020/10/07 3:15 p.m.406 views

CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

6.6CVSS7.2AI score0.02106EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.403 views

CVE-2018-3214

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with netw...

5.3CVSS5.5AI score0.00102EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.401 views

CVE-2019-2738

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoc...

3.5CVSS3AI score0.0067EPSS
CVE
CVE
added 2019/06/05 3:29 p.m.397 views

CVE-2019-9755

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In inst...

7CVSS7.2AI score0.00103EPSS
CVE
CVE
added 2019/04/22 10:29 p.m.396 views

CVE-2019-11459

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

5.5CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.386 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS5.8AI score0.00046EPSS
CVE
CVE
added 2019/05/15 1:29 p.m.386 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

5.5CVSS6.4AI score0.00025EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.386 views

CVE-2019-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise ...

4.9CVSS4.8AI score0.00562EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.384 views

CVE-2019-2797

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached ...

4.2CVSS4.1AI score0.00172EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.374 views

CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated at...

4.3CVSS4AI score0.0005EPSS
CVE
CVE
added 2020/01/13 6:15 a.m.373 views

CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

7.5CVSS7.9AI score0.0122EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.372 views

CVE-2019-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr...

5.5CVSS5.3AI score0.00529EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.370 views

CVE-2019-2539

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.8AI score0.00418EPSS
Total number of security vulnerabilities778