Enterprise Linux Server Aus Security Vulnerabilities and Issues — Page 20 of Enterprise Linux Server Aus CVE List

Lucene search

RedhatEnterprise Linux Server Aus

1054 matches found

CVE•added 2016/05/11 9:59 p.m.•104 views

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

5.5CVSS6.4AI score0.00116EPSS

CVE•added 2016/06/01 10:59 p.m.•104 views

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

7.8CVSS7.9AI score0.00195EPSS

CVE•added 2018/06/11 9:29 p.m.•104 views

CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

4.3CVSS5.9AI score0.01228EPSS

CVE•added 2013/12/11 3:55 p.m.•103 views

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

10CVSS9.6AI score0.10399EPSS

CVE•added 2018/06/11 9:29 p.m.•103 views

CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird

5.3CVSS6.1AI score0.01887EPSS

CVE•added 2009/03/06 11:30 a.m.•102 views

CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS4.6AI score0.00104EPSS

CVE•added 2013/01/13 8:55 p.m.•102 views

CVE-2013-0766

Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to exe...

9.3CVSS9.5AI score0.02851EPSS

CVE•added 2014/11/01 11:55 p.m.•102 views

CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

2.1CVSS6.1AI score0.00092EPSS

CVE•added 2018/08/01 4:29 p.m.•102 views

CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

7.8CVSS7.8AI score0.00234EPSS

CVE•added 2011/04/10 2:51 a.m.•101 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS

CVE•added 2012/06/05 11:55 p.m.•101 views

CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) m...

9.3CVSS9.9AI score0.01248EPSS

CVE•added 2013/04/17 12:14 p.m.•101 views

CVE-2013-1506

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

2.8CVSS4.3AI score0.00552EPSS

CVE•added 2014/03/19 10:55 a.m.•101 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS

CVE•added 2016/06/13 10:59 a.m.•101 views

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.3AI score0.00499EPSS

CVE•added 2016/09/21 2:25 p.m.•101 views

CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

5.5CVSS6.1AI score0.00246EPSS

CVE•added 2018/06/11 9:29 p.m.•101 views

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Fi...

8.8CVSS8AI score0.01024EPSS

CVE•added 2013/01/13 8:55 p.m.•100 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS

CVE•added 2013/04/17 12:19 p.m.•100 views

CVE-2013-1531

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

6.5CVSS4.3AI score0.00473EPSS

CVE•added 2018/07/27 7:29 p.m.•100 views

CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

6.5CVSS5.5AI score0.00558EPSS

CVE•added 2018/06/11 9:29 p.m.•100 views

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

7.5CVSS7.6AI score0.01484EPSS

CVE•added 2013/01/13 8:55 p.m.•99 views

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denia...

9.3CVSS9.9AI score0.01145EPSS

CVE•added 2017/02/15 7:59 p.m.•99 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.00401EPSS

CVE•added 2014/06/05 8:55 p.m.•98 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.06623EPSS

CVE•added 2016/05/25 3:59 p.m.•98 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

6.5CVSS6.4AI score0.00064EPSS

CVE•added 2018/06/11 9:29 p.m.•98 views

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.01973EPSS

CVE•added 2017/07/25 2:29 p.m.•98 views

CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

7.8CVSS7.2AI score0.00166EPSS

CVE•added 2013/04/17 12:19 p.m.•97 views

CVE-2013-1521

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

6.5CVSS4.3AI score0.00465EPSS

CVE•added 2013/10/16 5:55 p.m.•97 views

CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn...

10CVSS6.3AI score0.14276EPSS

CVE•added 2014/11/14 3:59 p.m.•97 views

CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

5CVSS5.8AI score0.03847EPSS

CVE•added 2015/05/14 10:59 a.m.•97 views

CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v...

6.8CVSS8AI score0.07609EPSS

CVE•added 2018/01/12 12:29 a.m.•97 views

CVE-2018-5345

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

7.8CVSS7.7AI score0.00752EPSS

CVE•added 2014/04/16 2:55 a.m.•96 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

3.5CVSS3.9AI score0.01187EPSS

CVE•added 2014/12/12 3:59 p.m.•96 views

CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

7.5CVSS7.1AI score0.02455EPSS

CVE•added 2015/07/06 3:59 p.m.•96 views

CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

5CVSS6AI score0.00094EPSS

CVE•added 2019/11/04 9:15 p.m.•96 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS

CVE•added 2013/04/17 12:19 p.m.•95 views

CVE-2013-1544

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

4CVSS4.3AI score0.00562EPSS

CVE•added 2011/03/15 5:55 p.m.•94 views

CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid point...

5.7CVSS6.2AI score0.00442EPSS

CVE•added 2013/04/17 5:55 p.m.•94 views

CVE-2013-2391

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

3CVSS4.2AI score0.00154EPSS

CVE•added 2015/07/02 9:59 p.m.•94 views

CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

7.5CVSS4.5AI score0.02501EPSS

CVE•added 2018/08/20 9:29 p.m.•94 views

CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.8AI score0.00145EPSS

CVE•added 2012/06/13 10:24 a.m.•93 views

CVE-2012-2313

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

1.2CVSS5.5AI score0.00224EPSS

CVE•added 2014/07/20 11:12 a.m.•93 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS

CVE•added 2018/07/27 6:29 p.m.•93 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

9.8CVSS9.5AI score0.01003EPSS

CVE•added 2019/11/04 9:15 p.m.•93 views

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.6AI score0.00272EPSS

CVE•added 2018/06/11 9:29 p.m.•93 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird

8.8CVSS8.2AI score0.01352EPSS

CVE•added 2013/01/13 8:55 p.m.•92 views

CVE-2013-0759

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in t...

5CVSS6.3AI score0.01368EPSS

CVE•added 2013/10/16 5:55 p.m.•92 views

CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerabilit...

10CVSS6.5AI score0.28031EPSS

CVE•added 2016/09/21 2:25 p.m.•92 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS

CVE•added 2017/10/05 9:29 p.m.•92 views

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checko...

9.8CVSS9.6AI score0.06022EPSS

CVE•added 2013/04/17 12:19 p.m.•91 views

CVE-2013-1532

4CVSS4.3AI score0.00622EPSS

Total number of security vulnerabilities1054