Lucene search

K
RedhatEnterprise Linux Server Aus

220 matches found

CVE
CVE
added 2019/04/23 7:32 p.m.255 views

CVE-2019-2596

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00381EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.255 views

CVE-2019-2626

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS4.8AI score0.00295EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.255 views

CVE-2019-2635

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Success...

4.9CVSS4.8AI score0.00427EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.255 views

CVE-2019-2780

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.9CVSS4.8AI score0.00586EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.255 views

CVE-2019-2834

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS6.2AI score0.00422EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.255 views

CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

9.8CVSS9.9AI score0.02189EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.254 views

CVE-2019-2580

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.8AI score0.00408EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.254 views

CVE-2019-2691

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.8AI score0.00427EPSS
CVE
CVE
added 2019/01/29 12:29 a.m.254 views

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-o...

5.5CVSS6.9AI score0.00136EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.253 views

CVE-2019-2623

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.3CVSS5.2AI score0.00753EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.253 views

CVE-2019-2685

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.253 views

CVE-2019-2803

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS5AI score0.0027EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.252 views

CVE-2019-2687

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00415EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.251 views

CVE-2019-2589

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS4.8AI score0.00598EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.251 views

CVE-2019-2694

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.1AI score0.00333EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.251 views

CVE-2019-2815

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS5AI score0.0027EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.250 views

CVE-2019-2795

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful ...

6.5CVSS6.2AI score0.01164EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.250 views

CVE-2019-2802

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS5AI score0.0027EPSS
CVE
CVE
added 2019/02/20 12:29 a.m.249 views

CVE-2019-7164

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

9.8CVSS9.7AI score0.01979EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.247 views

CVE-2019-2688

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.247 views

CVE-2019-2798

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.8AI score0.0027EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.247 views

CVE-2019-2810

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.9AI score0.0027EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.247 views

CVE-2019-2812

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.2AI score0.00341EPSS
CVE
CVE
added 2019/09/04 12:15 p.m.246 views

CVE-2019-15718

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus meth...

4.4CVSS4.7AI score0.00098EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.246 views

CVE-2019-2631

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

4.9CVSS4.8AI score0.00427EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.245 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8CVSS7.1AI score0.32159EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.244 views

CVE-2019-2801

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS5AI score0.0027EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.242 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabili...

8.8CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2019/02/06 9:29 p.m.238 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

7.8CVSS9AI score0.01109EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.235 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

9.8CVSS8.1AI score0.06662EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.234 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.03064EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.233 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local at...

7.8CVSS7.4AI score0.00025EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.231 views

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS6.3AI score0.01339EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.227 views

CVE-2018-18493

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < ...

9.8CVSS7.6AI score0.09156EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.226 views

CVE-2018-18492

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

9.8CVSS7.5AI score0.27057EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.225 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01038EPSS
CVE
CVE
added 2019/02/04 6:29 p.m.223 views

CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

7.5CVSS7.4AI score0.00272EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.222 views

CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5CVSS6.2AI score0.00102EPSS
CVE
CVE
added 2019/03/27 8:29 p.m.221 views

CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

9.8CVSS9.5AI score0.00868EPSS
CVE
CVE
added 2019/07/31 10:15 p.m.220 views

CVE-2019-10182

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

8.2CVSS7AI score0.01428EPSS
CVE
CVE
added 2019/01/03 1:29 p.m.214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.214 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03188EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.213 views

CVE-2018-18498

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox &lt...

9.8CVSS7.4AI score0.02443EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.212 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.03282EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.208 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderb...

6.5CVSS7AI score0.01337EPSS
CVE
CVE
added 2019/07/22 3:15 p.m.199 views

CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

6.5CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2019/04/09 6:29 p.m.197 views

CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

7.5CVSS7.1AI score0.00723EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.187 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

9.8CVSS7.2AI score0.05334EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.176 views

CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b...

7.5CVSS6.4AI score0.35731EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.174 views

CVE-2018-12390

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

9.8CVSS8.3AI score0.06392EPSS
Total number of security vulnerabilities220