Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Server Aus7.6

478 matches found

CVE
CVEadded 2015/05/14 10:59 a.m.91 views

CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v...

6.8CVSS8AI score0.07609EPSS
CVE
CVEadded 2019/11/04 9:15 p.m.91 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS
CVE
CVEadded 2018/08/20 9:29 p.m.89 views

CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.8AI score0.00145EPSS
CVE
CVEadded 2014/07/20 11:12 a.m.88 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS
CVE
CVEadded 2019/11/04 9:15 p.m.88 views

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.6AI score0.00272EPSS
CVE
CVEadded 2017/07/25 2:29 p.m.88 views

CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

7.8CVSS7.2AI score0.00166EPSS
CVE
CVEadded 2014/11/14 3:59 p.m.87 views

CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

5CVSS5.8AI score0.03847EPSS
CVE
CVEadded 2017/10/05 9:29 p.m.87 views

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checko...

9.8CVSS9.6AI score0.06022EPSS
CVE
CVEadded 2014/04/16 2:55 a.m.85 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

3.5CVSS3.9AI score0.00679EPSS
CVE
CVEadded 2014/12/12 3:59 p.m.85 views

CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

7.5CVSS7.1AI score0.02455EPSS
CVE
CVEadded 2016/05/25 3:59 p.m.85 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

6.5CVSS6.4AI score0.00085EPSS
CVE
CVEadded 2014/06/05 8:55 p.m.84 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.07656EPSS
CVE
CVEadded 2017/02/16 11:59 a.m.84 views

CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a fai...

5.5CVSS5.8AI score0.0028EPSS
CVE
CVEadded 2018/09/27 8:29 p.m.84 views

CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tm...

5.9CVSS4.7AI score0.00045EPSS
CVE
CVEadded 2017/01/23 9:59 p.m.82 views

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.5CVSS7AI score0.01283EPSS
CVE
CVEadded 2017/10/18 8:29 p.m.81 views

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

9.8CVSS9AI score0.10892EPSS
CVE
CVEadded 2017/02/16 11:59 a.m.80 views

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVEadded 2014/12/16 11:59 p.m.79 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVEadded 2017/03/15 7:59 p.m.79 views

CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

6.5CVSS6.3AI score0.00228EPSS
CVE
CVEadded 2017/02/16 11:59 a.m.79 views

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVEadded 2018/03/12 3:29 p.m.78 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

6.5CVSS6.5AI score0.00295EPSS
CVE
CVEadded 2017/08/22 6:29 p.m.78 views

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

8.8CVSS7.6AI score0.01645EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.77 views

CVE-2016-7163

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

7.8CVSS8AI score0.00337EPSS
CVE
CVEadded 2017/02/09 3:59 p.m.77 views

CVE-2017-5848

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

7.5CVSS7AI score0.05482EPSS
CVE
CVEadded 2018/02/02 2:29 p.m.75 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

8.8CVSS8.4AI score0.00094EPSS
CVE
CVEadded 2014/06/05 8:55 p.m.73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS
CVE
CVEadded 2020/01/14 6:15 p.m.68 views

CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

6.5CVSS6AI score0.00535EPSS
CVE
CVEadded 2017/10/18 8:29 p.m.68 views

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8CVSS9AI score0.06044EPSS
Total number of security vulnerabilities478