Lucene search

K
RedhatEnterprise Linux Server Aus

1054 matches found

CVE
CVE
added 2016/05/20 10:59 a.m.131 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS
CVE
CVE
added 2018/07/27 9:29 p.m.131 views

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

7.5CVSS7.7AI score0.03467EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.130 views

CVE-2013-0744

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 ...

9.3CVSS9.6AI score0.13449EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.130 views

CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5CVSS7.6AI score0.00461EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.130 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.130 views

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

6.5CVSS5.5AI score0.00642EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.130 views

CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

4.9CVSS5AI score0.01013EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.129 views

CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

2.1CVSS5.8AI score0.00055EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.129 views

CVE-2013-0746

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allo...

9.3CVSS9.5AI score0.02359EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.129 views

CVE-2014-0402

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

4CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2015/12/02 1:59 a.m.129 views

CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encou...

9.8CVSS7.6AI score0.10015EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.129 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00419EPSS
CVE
CVE
added 2018/11/08 8:29 p.m.129 views

CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

9.8CVSS9.8AI score0.06961EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.129 views

CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52...

8.1CVSS7.1AI score0.18624EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.128 views

CVE-2014-1493

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS9.8AI score0.01468EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.128 views

CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appl...

8.8CVSS9.4AI score0.00502EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.128 views

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

4CVSS5.2AI score0.01015EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.128 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

4CVSS5.2AI score0.00508EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.128 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00476EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.128 views

CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

7.5CVSS6.4AI score0.38912EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.127 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application cras...

9.1CVSS9.1AI score0.00986EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.127 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap ...

9.8CVSS8.3AI score0.04891EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.127 views

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

4CVSS4.8AI score0.00543EPSS
CVE
CVE
added 2019/03/26 6:29 p.m.127 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.7AI score0.03208EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.126 views

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9.4AI score0.02025EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.126 views

CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8CVSS9.5AI score0.04165EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.126 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

4CVSS5.1AI score0.00508EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.126 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

4CVSS4.9AI score0.00369EPSS
CVE
CVE
added 2017/01/28 1:59 a.m.126 views

CVE-2017-5205

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

9.8CVSS9.5AI score0.0108EPSS
CVE
CVE
added 2018/09/05 6:29 a.m.126 views

CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

7.8CVSS7.1AI score0.00371EPSS
CVE
CVE
added 2018/02/07 9:29 p.m.126 views

CVE-2018-6574

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

7.8CVSS6.8AI score0.33951EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.125 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00362EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.125 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.0095EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.125 views

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox

9.8CVSS7.6AI score0.00365EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.124 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.124 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of s...

9.8CVSS8.4AI score0.06412EPSS
CVE
CVE
added 2014/08/01 11:13 a.m.124 views

CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...

7.1CVSS6.2AI score0.14696EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.124 views

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.8AI score0.00501EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.124 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.0062EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.124 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.124 views

CVE-2017-5451

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbi...

4.3CVSS5.7AI score0.00588EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.124 views

CVE-2017-5455

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox

7.5CVSS8.3AI score0.02784EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.123 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.123 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.123 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.123 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

6.5CVSS6.1AI score0.01559EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.123 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01788EPSS
CVE
CVE
added 2017/09/14 6:29 a.m.123 views

CVE-2017-12899

The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

9.8CVSS9.3AI score0.0206EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.122 views

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5CVSS4.8AI score0.00536EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.122 views

CVE-2016-4300

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

7.8CVSS8.2AI score0.0177EPSS
Total number of security vulnerabilities1054