Lucene search

K
RedhatEnterprise Linux Eus

778 matches found

CVE
CVE
added 2023/03/27 9:15 p.m.315 views

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs pri...

7.8CVSS7.9AI score0.00577EPSS
CVE
CVE
added 2024/10/09 3:15 p.m.315 views

CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can...

7.8CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.314 views

CVE-2018-3136

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.4CVSS4.7AI score0.00134EPSS
CVE
CVE
added 2019/07/05 2:15 p.m.314 views

CVE-2019-13313

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

7.8CVSS7.3AI score0.00044EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.314 views

CVE-2019-2688

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00405EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.314 views

CVE-2019-2795

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful ...

6.5CVSS6.2AI score0.02005EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.314 views

CVE-2019-2798

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.8AI score0.00457EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.313 views

CVE-2019-2810

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.9AI score0.0044EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.313 views

CVE-2019-2812

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.2AI score0.00775EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.313 views

CVE-2019-2992

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00565EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.313 views

CVE-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

7.5CVSS7.2AI score0.00204EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.312 views

CVE-2019-2802

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS5AI score0.00457EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.311 views

CVE-2019-2631

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

4.9CVSS4.8AI score0.00215EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.311 views

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

6.8CVSS6.7AI score0.00478EPSS
CVE
CVE
added 2019/12/19 6:15 p.m.309 views

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

7.5CVSS7.5AI score0.00168EPSS
CVE
CVE
added 2022/03/03 7:15 p.m.309 views

CVE-2021-3609

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

7CVSS7.2AI score0.00064EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.308 views

CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

5.8CVSS4.9AI score0.00398EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.307 views

CVE-2019-2801

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS5AI score0.00457EPSS
CVE
CVE
added 2012/06/09 12:55 a.m.303 views

CVE-2012-2037

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.25628EPSS
In wild
CVE
CVE
added 2019/07/23 11:15 p.m.302 views

CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00341EPSS
CVE
CVE
added 2023/12/08 5:15 p.m.302 views

CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

7.1CVSS7AI score0.00008EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.301 views

CVE-2013-1548

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

3.5CVSS4.3AI score0.00582EPSS
CVE
CVE
added 2019/09/25 6:15 p.m.299 views

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

7.5CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2019/04/11 4:29 p.m.295 views

CVE-2019-3460

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.5CVSS7AI score0.00419EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.295 views

CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

9.8CVSS9.9AI score0.02189EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.294 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.07984EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.293 views

CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user contr...

8.8CVSS9.2AI score0.18917EPSS
CVE
CVE
added 2020/02/07 3:15 p.m.291 views

CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

9.8CVSS9.4AI score0.02287EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.289 views

CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up...

7.2CVSS6.8AI score0.16771EPSS
CVE
CVE
added 2023/11/03 8:15 a.m.288 views

CVE-2023-46847

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

8.6CVSS8.8AI score0.52678EPSS
CVE
CVE
added 2018/07/10 9:29 p.m.287 views

CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

5.6CVSS6.3AI score0.00916EPSS
CVE
CVE
added 2022/04/04 8:15 p.m.284 views

CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to p...

7.5CVSS7.2AI score0.00553EPSS
CVE
CVE
added 2020/07/31 10:15 p.m.279 views

CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

6CVSS7AI score0.00033EPSS
CVE
CVE
added 2018/01/09 7:29 p.m.275 views

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and ...

4.9CVSS6.1AI score0.00069EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.273 views

CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

5.5CVSS6.9AI score0.00108EPSS
CVE
CVE
added 2024/02/07 9:15 p.m.273 views

CVE-2023-6535

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

7.5CVSS6.9AI score0.00039EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.271 views

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past t...

7.2CVSS6.8AI score0.34565EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.270 views

CVE-2017-3309

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple p...

7.7CVSS6AI score0.00321EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.270 views

CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

7.7CVSS6.6AI score0.00159EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.269 views

CVE-2017-10355

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker w...

5.3CVSS5.3AI score0.06888EPSS
Web
CVE
CVE
added 2023/03/27 10:15 p.m.268 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

7.8CVSS8.1AI score0.0031EPSS
CVE
CVE
added 2019/01/29 12:29 a.m.267 views

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-o...

5.5CVSS6.9AI score0.00104EPSS
CVE
CVE
added 2020/02/07 3:15 p.m.266 views

CVE-2019-15604

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

7.5CVSS8.2AI score0.04722EPSS
CVE
CVE
added 2019/06/25 12:15 p.m.264 views

CVE-2019-12817

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

7CVSS7.4AI score0.00067EPSS
CVE
CVE
added 2019/02/20 12:29 a.m.264 views

CVE-2019-7164

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

9.8CVSS9.7AI score0.01979EPSS
CVE
CVE
added 2024/02/15 5:15 a.m.262 views

CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivi...

8CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2022/03/04 4:15 p.m.261 views

CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

5.5CVSS6AI score0.00015EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.260 views

CVE-2018-2668

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.260 views

CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi...

3.5CVSS3.6AI score0.00383EPSS
CVE
CVE
added 2017/08/10 4:29 p.m.259 views

CVE-2016-5018

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

9.1CVSS8.3AI score0.00907EPSS
Total number of security vulnerabilities778