Lucene search

K
RedhatEnterprise Linux Server Aus

1054 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.122 views

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thu...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.122 views

CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

5.5CVSS6AI score0.00352EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.121 views

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...

10CVSS9.6AI score0.11056EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.121 views

CVE-2014-0386

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.121 views

CVE-2014-0401

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

4CVSS7.8AI score0.00501EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.121 views

CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

10CVSS8.8AI score0.10821EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.121 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl...

4.6CVSS5.6AI score0.00075EPSS
Web
CVE
CVE
added 2015/04/16 4:59 p.m.121 views

CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

3.5CVSS4.8AI score0.00468EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.121 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.01214EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.121 views

CVE-2018-5144

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird

7.5CVSS7.8AI score0.04415EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.121 views

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird

9.8CVSS9.6AI score0.03014EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.120 views

CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial...

5CVSS5.5AI score0.00584EPSS
CVE
CVE
added 2014/04/16 12:55 a.m.120 views

CVE-2014-0384

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

4CVSS3.8AI score0.01029EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.120 views

CVE-2014-1523

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

6.5CVSS7.5AI score0.0054EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.120 views

CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corr...

9.3CVSS8.3AI score0.05086EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.120 views

CVE-2016-0505

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

6.8CVSS5AI score0.0093EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.120 views

CVE-2016-4302

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

7.8CVSS8.2AI score0.02337EPSS
CVE
CVE
added 2017/11/20 8:29 p.m.120 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into...

5.5CVSS5.4AI score0.01063EPSS
CVE
CVE
added 2011/09/06 4:55 p.m.119 views

CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or ob...

6.1CVSS7.2AI score0.00123EPSS
CVE
CVE
added 2015/06/15 3:59 p.m.119 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.119 views

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

4.6CVSS5AI score0.00704EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.119 views

CVE-2016-0597

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS5AI score0.00595EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.119 views

CVE-2016-0598

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

3.5CVSS5AI score0.0041EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.119 views

CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

7.5CVSS7.1AI score0.0226EPSS
CVE
CVE
added 2018/07/27 8:29 p.m.119 views

CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

8.8CVSS8.6AI score0.03861EPSS
CVE
CVE
added 2023/07/24 4:15 p.m.119 views

CVE-2023-38200

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

7.5CVSS7.1AI score0.0021EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.118 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.118 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1CVSS4.3AI score0.00819EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.118 views

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

6.9CVSS6.3AI score0.01034EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.118 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

4CVSS4.8AI score0.00555EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.118 views

CVE-2016-0596

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

4CVSS5.1AI score0.00595EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.118 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.118 views

CVE-2016-9811

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

4.7CVSS4.8AI score0.00485EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.118 views

CVE-2018-5185

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

6.5CVSS7.3AI score0.0034EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.117 views

CVE-2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

4.3CVSS6.2AI score0.01866EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.117 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

6.1CVSS6.9AI score0.00865EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.117 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.117 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

5.3CVSS5.5AI score0.00681EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.117 views

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5AI score0.0041EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.117 views

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

7.5CVSS8.2AI score0.02142EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.116 views

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory co...

7.2CVSS6.5AI score0.00049EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.116 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2018/03/12 2:29 a.m.116 views

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in ti...

8.8CVSS7.6AI score0.00778EPSS
CVE
CVE
added 2016/04/08 3:59 p.m.116 views

CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

7.5CVSS7.2AI score0.01EPSS
CVE
CVE
added 2016/07/19 2:0 a.m.116 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appl...

8.1CVSS7.7AI score0.87615EPSS
CVE
CVE
added 2018/04/23 8:29 p.m.116 views

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

5.5CVSS5.2AI score0.0003EPSS
CVE
CVE
added 2025/04/03 2:15 p.m.116 views

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

7.4CVSS7.5AI score0.00084EPSS
CVE
CVE
added 2011/02/18 8:0 p.m.115 views

CVE-2010-4649

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

6.9CVSS6.6AI score0.00069EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.115 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for...

9.3CVSS7.9AI score0.00906EPSS
CVE
CVE
added 2015/01/21 3:28 p.m.115 views

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

3.5CVSS6.1AI score0.00478EPSS
Total number of security vulnerabilities1054