Lucene search

K
RedhatEnterprise Linux Server Aus

1054 matches found

CVE
CVE
added 2019/04/09 6:29 p.m.202 views

CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

7.5CVSS7.1AI score0.00723EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.202 views

CVE-2018-12362

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefo...

8.8CVSS7.8AI score0.0062EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.202 views

CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbi...

9.8CVSS7.2AI score0.02628EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.202 views

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

5.3CVSS5AI score0.00124EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.201 views

CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

6.5CVSS5.4AI score0.01232EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.201 views

CVE-2017-10198

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS6.8AI score0.00281EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.201 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

6.5CVSS5.3AI score0.00034EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.200 views

CVE-2017-10274

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. S...

6.8CVSS6.8AI score0.00575EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.200 views

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.2AI score0.00447EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.200 views

CVE-2017-3641

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.9AI score0.00119EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.200 views

CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, ...

8.8CVSS8.2AI score0.01033EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.200 views

CVE-2018-2588

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with...

4.3CVSS4.2AI score0.00328EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.199 views

CVE-2017-3453

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple p...

6.5CVSS5.7AI score0.00276EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.199 views

CVE-2018-12359

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60,...

8.8CVSS7.8AI score0.0093EPSS
CVE
CVE
added 2024/04/16 8:15 p.m.199 views

CVE-2022-24805

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a...

8.8CVSS6.6AI score0.00406EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.198 views

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

10CVSS9.5AI score0.01612EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.198 views

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

8.3CVSS8.6AI score0.01101EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.197 views

CVE-2017-2626

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

5.5CVSS5.3AI score0.00032EPSS
CVE
CVE
added 2017/08/10 10:29 p.m.196 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possibl...

7.5CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.196 views

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <...

8.8CVSS7.8AI score0.0062EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.196 views

CVE-2018-5188

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird &lt...

9.8CVSS8.5AI score0.01127EPSS
CVE
CVE
added 2015/12/06 8:59 p.m.195 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02942EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.195 views

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.3AI score0.00261EPSS
CVE
CVE
added 2017/06/06 9:29 p.m.195 views

CVE-2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

6.8CVSS6.2AI score0.04032EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.195 views

CVE-2018-12363

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects...

8.8CVSS7.7AI score0.0062EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.195 views

CVE-2018-12378

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird

9.8CVSS6.4AI score0.02628EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.194 views

CVE-2017-10384

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS5.5AI score0.00472EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.194 views

CVE-2017-3317

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQ...

4CVSS4.2AI score0.00023EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.194 views

CVE-2017-5380

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9.1AI score0.02031EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.194 views

CVE-2018-12366

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and ...

6.5CVSS7.2AI score0.00338EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.194 views

CVE-2018-2678

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2017/08/31 5:29 p.m.193 views

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is n...

9.8CVSS7.3AI score0.01786EPSS
CVE
CVE
added 2018/06/13 8:29 p.m.193 views

CVE-2018-10850

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

7.1CVSS5.8AI score0.02052EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.193 views

CVE-2018-5150

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS7.9AI score0.03014EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.192 views

CVE-2017-3258

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.5CVSS5.8AI score0.00612EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.192 views

CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

5.3CVSS4.9AI score0.00063EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.192 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird &lt...

8.8CVSS7.5AI score0.00287EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.191 views

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

7.5CVSS8.2AI score0.22612EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.191 views

CVE-2017-3539

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.9AI score0.00504EPSS
CVE
CVE
added 2018/11/29 6:29 p.m.191 views

CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

9.8CVSS9.7AI score0.15752EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.190 views

CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.8AI score0.39485EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.190 views

CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

5.5CVSS5.8AI score0.0005EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.190 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.02845EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.190 views

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR <...

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.189 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

5.5CVSS5.8AI score0.00057EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.189 views

CVE-2017-10193

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.7AI score0.00379EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.189 views

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox

8.1CVSS7.4AI score0.40828EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.189 views

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Fire...

9.8CVSS6.9AI score0.02663EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.188 views

CVE-2017-3238

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro...

6.5CVSS5.8AI score0.0379EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.187 views

CVE-2018-5103

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
Total number of security vulnerabilities1054