Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Eus7.2

53 matches found

CVE
CVEadded 2017/06/20 1:29 a.m.7422 views

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

9.8CVSS9.6AI score0.09049EPSS
CVE
CVEadded 2017/06/20 1:29 a.m.5998 views

CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or t...

7.5CVSS8.4AI score0.7189EPSS
CVE
CVEadded 2017/04/11 6:59 p.m.1768 views

CVE-2016-1908

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on...

9.8CVSS9AI score0.02402EPSS
CVE
CVEadded 2016/07/19 2:0 a.m.1409 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary ...

8.1CVSS8AI score0.7312EPSS
CVE
CVEadded 2015/07/16 10:59 a.m.1105 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

10CVSS4.2AI score0.76849EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.1034 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.89383EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.1030 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS
CVE
CVEadded 2015/10/22 12:0 a.m.932 views

CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.3CVSS5.5AI score0.06707EPSS
CVE
CVEadded 2015/08/08 12:59 a.m.899 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wi...

8.8CVSS6.6AI score0.7594EPSS
CVE
CVEadded 2015/04/01 2:0 a.m.846 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS
CVE
CVEadded 2016/04/21 11:0 a.m.659 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.93626EPSS
CVE
CVEadded 2016/11/02 5:59 p.m.508 views

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

7.5CVSS7.4AI score0.4301EPSS
CVE
CVEadded 2017/01/12 6:59 a.m.447 views

CVE-2016-9131

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

7.5CVSS7.3AI score0.58065EPSS
CVE
CVEadded 2016/07/19 10:59 p.m.444 views

CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

5.9CVSS5.7AI score0.34225EPSS
CVE
CVEadded 2016/05/16 10:59 a.m.224 views

CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

5.9CVSS5.6AI score0.54248EPSS
CVE
CVEadded 2015/11/13 3:59 a.m.189 views

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly ha...

7.5CVSS7.9AI score0.04755EPSS
CVE
CVEadded 2019/04/23 4:29 p.m.145 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.137 views

CVE-2015-4870

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

4CVSS5.1AI score0.19341EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.137 views

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

7.5CVSS7AI score0.00263EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.134 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

1.7CVSS5.2AI score0.0092EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.132 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2015/10/22 12:0 a.m.132 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

3.5CVSS5.2AI score0.00419EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.131 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0447EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.125 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.121 views

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7CVSS4.8AI score0.00601EPSS
CVE
CVEadded 2015/12/02 1:59 a.m.119 views

CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encou...

9.8CVSS7.6AI score0.0768EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.117 views

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

4CVSS4.8AI score0.00509EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.116 views

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

4CVSS5.2AI score0.0092EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.116 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

4CVSS5.2AI score0.00419EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.115 views

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.115 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.00598EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.115 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00392EPSS
CVE
CVEadded 2016/02/13 2:59 a.m.115 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

6.5CVSS6.1AI score0.01559EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.115 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00414EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.114 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

4CVSS5.1AI score0.00419EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.114 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

4CVSS4.9AI score0.00304EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.113 views

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.113 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00598EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.113 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.00861EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.112 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00413EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.112 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00299EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.110 views

CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

3.5CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2016/02/13 2:59 a.m.110 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

5.3CVSS5.5AI score0.00681EPSS
CVE
CVEadded 2016/01/12 7:59 p.m.108 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

8.6CVSS7.9AI score0.05081EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.106 views

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

4.6CVSS5AI score0.00581EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.105 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

4CVSS4.8AI score0.00458EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.104 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00598EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.102 views

CVE-2015-4864

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

3.5CVSS4.7AI score0.00327EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.100 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.00255EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.99 views

CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by rea...

5.5CVSS5.4AI score0.00043EPSS
Total number of security vulnerabilities53