Lucene search

K
RedhatEnterprise Linux Server Aus

1054 matches found

CVE
CVE
added 2017/01/28 1:59 a.m.144 views

CVE-2017-5202

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

9.8CVSS9.5AI score0.0108EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.144 views

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.07258EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.143 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00501EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.143 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS
CVE
CVE
added 2018/07/27 9:29 p.m.143 views

CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw ...

9.9CVSS8AI score0.01523EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.143 views

CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, a...

10CVSS8.8AI score0.03433EPSS
CVE
CVE
added 2018/03/23 9:29 p.m.143 views

CVE-2018-1000140

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se...

9.8CVSS9.7AI score0.43633EPSS
CVE
CVE
added 2018/02/19 3:29 p.m.143 views

CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packe...

9.8CVSS8.7AI score0.03567EPSS
CVE
CVE
added 2009/08/27 5:30 p.m.142 views

CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

7.8CVSS7.1AI score0.23091EPSS
CVE
CVE
added 2013/02/08 7:55 p.m.142 views

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.7AI score0.0143EPSS
CVE
CVE
added 2016/05/11 9:59 p.m.142 views

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

8.8CVSS8.7AI score0.0012EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.141 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

9.8CVSS9.2AI score0.77563EPSS
CVE
CVE
added 2015/01/09 9:59 p.m.141 views

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1CVSS4.9AI score0.00045EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.141 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0441EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.141 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

5.9CVSS7.1AI score0.03535EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.141 views

CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

4.3CVSS5.4AI score0.21888EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.141 views

CVE-2018-16541

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

5.5CVSS6.2AI score0.00454EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.140 views

CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

4CVSS4.6AI score0.00524EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.140 views

CVE-2016-0616

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS4.8AI score0.00573EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.140 views

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

9.8CVSS8.8AI score0.00595EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.140 views

CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1,...

7.5CVSS7.7AI score0.00762EPSS
CVE
CVE
added 2019/04/09 2:29 a.m.140 views

CVE-2019-0757

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

6.5CVSS6.1AI score0.08047EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.139 views

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage c...

10CVSS9.4AI score0.1791EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.139 views

CVE-2015-5366

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability t...

5CVSS5.7AI score0.21228EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.139 views

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

10CVSS9AI score0.02397EPSS
CVE
CVE
added 2019/10/14 8:15 p.m.139 views

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks ...

7.4CVSS7AI score0.00287EPSS
CVE
CVE
added 2015/01/09 9:59 p.m.138 views

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

2.1CVSS4.5AI score0.00155EPSS
CVE
CVE
added 2017/12/07 2:29 a.m.138 views

CVE-2017-15121

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

5.5CVSS6.1AI score0.00069EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.138 views

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

9.8CVSS8.2AI score0.29907EPSS
CVE
CVE
added 2023/05/17 10:15 p.m.138 views

CVE-2023-2491

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise L...

7.8CVSS7.8AI score0.00063EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.137 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00573EPSS
CVE
CVE
added 2016/10/25 2:29 p.m.137 views

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

6.8CVSS5.5AI score0.01122EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.137 views

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.00573EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.137 views

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS7AI score0.36848EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.137 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper symli...

7.5CVSS6.5AI score0.0074EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.136 views

CVE-2013-0748

The XBL.proto .toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR pro...

4.3CVSS9.2AI score0.00306EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.136 views

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS10AI score0.02752EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.136 views

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF doc...

8.8CVSS9.4AI score0.0081EPSS
CVE
CVE
added 2015/03/02 11:59 a.m.135 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.135 views

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

6.5CVSS5.5AI score0.01195EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.135 views

CVE-2018-5183

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR

9.8CVSS7.2AI score0.03014EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.134 views

CVE-2014-0393

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

3.3CVSS7.5AI score0.00449EPSS
CVE
CVE
added 2017/06/22 9:29 p.m.134 views

CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

6.5CVSS6.7AI score0.00778EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.133 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.133 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1CVSS6.2AI score0.2622EPSS
CVE
CVE
added 2018/04/23 6:29 p.m.133 views

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

9.8CVSS9.5AI score0.01309EPSS
CVE
CVE
added 2022/02/16 5:15 p.m.133 views

CVE-2021-3551

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat ...

7.8CVSS7.3AI score0.00018EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.132 views

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7CVSS4.8AI score0.00965EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.132 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

6.5CVSS7.1AI score0.00908EPSS
CVE
CVE
added 2016/01/21 3:1 a.m.131 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

7.2CVSS5.8AI score0.00165EPSS
Total number of security vulnerabilities1054