Lucene search

K
RedhatEnterprise Linux Server Aus6.5

81 matches found

CVE
CVE
added 2014/04/07 10:55 p.m.3918 views

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS7.5AI score0.94462EPSS
CVE
CVE
added 2014/09/24 6:48 p.m.2727 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS
CVE
CVE
added 2014/09/25 1:55 a.m.1236 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS
CVE
CVE
added 2018/05/22 12:29 p.m.724 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS
CVE
CVE
added 2018/09/06 9:29 p.m.636 views

CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation hav...

7.8CVSS7.7AI score0.01732EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.592 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo...

9CVSS8.7AI score0.84563EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.583 views

CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, ...

7.5CVSS7.7AI score0.05766EPSS
CVE
CVE
added 2019/09/17 4:15 p.m.552 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migratio...

7.8CVSS8.3AI score0.00025EPSS
CVE
CVE
added 2018/04/06 1:29 p.m.527 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE...

7.8CVSS7.8AI score0.43395EPSS
CVE
CVE
added 2016/11/02 5:59 p.m.508 views

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

7.5CVSS7.4AI score0.4301EPSS
CVE
CVE
added 2018/08/06 8:29 p.m.439 views

CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.8CVSS7.5AI score0.19919EPSS
CVE
CVE
added 2018/10/08 3:29 p.m.423 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

8.8CVSS8.5AI score0.00361EPSS
CVE
CVE
added 2017/10/24 1:29 a.m.415 views

CVE-2017-12613

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap ...

7.1CVSS7.1AI score0.00216EPSS
CVE
CVE
added 2018/09/25 9:29 p.m.395 views

CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerab...

7.8CVSS7.3AI score0.02971EPSS
CVE
CVE
added 2018/03/13 6:29 p.m.387 views

CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demo...

9.8CVSS9.4AI score0.22204EPSS
CVE
CVE
added 2014/03/11 1:1 p.m.312 views

CVE-2014-0101

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system cra...

7.8CVSS5.9AI score0.03342EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.303 views

CVE-2019-3896

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

7.8CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2017/06/19 4:29 p.m.263 views

CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.4AI score0.07151EPSS
CVE
CVE
added 2014/03/21 2:55 p.m.243 views

CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

4.3CVSS7AI score0.05174EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.237 views

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...

4.7CVSS4.9AI score0.00042EPSS
CVE
CVE
added 2014/02/21 5:7 a.m.210 views

CVE-2014-0502

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows rem...

10CVSS7.8AI score0.86341EPSS
CVE
CVE
added 2018/05/02 6:29 p.m.210 views

CVE-2018-10675

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

7.8CVSS7.6AI score0.00055EPSS
CVE
CVE
added 2014/02/05 5:15 a.m.205 views

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.8AI score0.93016EPSS
CVE
CVE
added 2019/04/09 6:29 p.m.197 views

CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

7.5CVSS7.1AI score0.00723EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.183 views

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

7.5CVSS8.2AI score0.57035EPSS
CVE
CVE
added 2015/02/24 3:59 p.m.178 views

CVE-2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

5CVSS7.3AI score0.03151EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.163 views

CVE-2015-5364

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

7.8CVSS5.7AI score0.21228EPSS
CVE
CVE
added 2019/04/23 4:29 p.m.145 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.142 views

CVE-2013-5908

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

2.6CVSS6.8AI score0.05356EPSS
CVE
CVE
added 2018/07/26 5:29 p.m.142 views

CVE-2018-10901

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu ...

7.8CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.139 views

CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9....

7.5CVSS7.1AI score0.34706EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.134 views

CVE-2014-0412

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS7.6AI score0.00406EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.129 views

CVE-2015-5366

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability t...

5CVSS5.7AI score0.21228EPSS
CVE
CVE
added 2015/03/02 11:59 a.m.124 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.121 views

CVE-2014-0393

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

3.3CVSS7.5AI score0.00517EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.119 views

CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5CVSS7.6AI score0.0038EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.119 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.118 views

CVE-2014-0402

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

4CVSS7.6AI score0.00413EPSS
CVE
CVE
added 2014/08/01 11:13 a.m.116 views

CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...

7.1CVSS6.2AI score0.14696EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.110 views

CVE-2014-0386

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.6AI score0.00413EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.110 views

CVE-2014-0401

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

4CVSS7.8AI score0.00413EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.109 views

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory co...

7.2CVSS6.5AI score0.00091EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.102 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

9.8CVSS9.2AI score0.75716EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.98 views

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage c...

10CVSS9.4AI score0.1791EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.96 views

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS10AI score0.02752EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF doc...

8.8CVSS9.4AI score0.0081EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.93 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.92 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.92 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.07799EPSS
Total number of security vulnerabilities81