Lucene search

K
RedhatEnterprise Linux Server Tus

765 matches found

CVE
CVE
added 2015/07/16 11:0 a.m.124 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.0062EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.124 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.123 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.123 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.123 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.123 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

6.5CVSS6.1AI score0.01559EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.123 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01788EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.122 views

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5CVSS4.8AI score0.00536EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.122 views

CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

5.5CVSS6AI score0.00352EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.121 views

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...

10CVSS9.6AI score0.11056EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.121 views

CVE-2014-0386

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.121 views

CVE-2014-0401

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

4CVSS7.8AI score0.00501EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.121 views

CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

10CVSS8.8AI score0.10821EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.121 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl...

4.6CVSS5.6AI score0.00075EPSS
Web
CVE
CVE
added 2015/04/16 4:59 p.m.121 views

CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

3.5CVSS4.8AI score0.00468EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.121 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.01214EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.121 views

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird

9.8CVSS9.6AI score0.03014EPSS
CVE
CVE
added 2014/04/16 12:55 a.m.120 views

CVE-2014-0384

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

4CVSS3.8AI score0.01029EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.120 views

CVE-2014-1523

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

6.5CVSS7.5AI score0.0054EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.120 views

CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corr...

9.3CVSS8.3AI score0.05086EPSS
CVE
CVE
added 2017/11/20 8:29 p.m.120 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into...

5.5CVSS5.4AI score0.01063EPSS
CVE
CVE
added 2015/06/15 3:59 p.m.119 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.119 views

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

4.6CVSS5AI score0.00704EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.118 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.118 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1CVSS4.3AI score0.00819EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.118 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

4CVSS4.8AI score0.00555EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.118 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.118 views

CVE-2016-9811

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

4.7CVSS4.8AI score0.00485EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.118 views

CVE-2018-5185

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

6.5CVSS7.3AI score0.0034EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.117 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

6.1CVSS6.9AI score0.00865EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.117 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.117 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

5.3CVSS5.5AI score0.00681EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.117 views

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

7.5CVSS8.2AI score0.02142EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.116 views

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory co...

7.2CVSS6.5AI score0.00049EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.116 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2018/03/12 2:29 a.m.116 views

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in ti...

8.8CVSS7.6AI score0.00778EPSS
CVE
CVE
added 2018/04/23 8:29 p.m.116 views

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

5.5CVSS5.2AI score0.0003EPSS
CVE
CVE
added 2025/04/03 2:15 p.m.116 views

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

7.4CVSS7.5AI score0.00084EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.115 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for...

9.3CVSS7.9AI score0.00906EPSS
CVE
CVE
added 2015/01/21 3:28 p.m.115 views

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

3.5CVSS6.1AI score0.00478EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.115 views

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS6.1AI score0.00353EPSS
CVE
CVE
added 2016/01/12 7:59 p.m.115 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

8.6CVSS7.9AI score0.05081EPSS
CVE
CVE
added 2015/08/12 2:59 p.m.115 views

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3CVSS6.5AI score0.10855EPSS
CVE
CVE
added 2016/07/21 10:14 a.m.115 views

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3CVSS4.6AI score0.03131EPSS
CVE
CVE
added 2025/04/03 3:15 a.m.115 views

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

7CVSS7AI score0.00874EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.114 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

2.6CVSS4.2AI score0.01132EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.114 views

CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

7.5CVSS7.5AI score0.01805EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.114 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.00273EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.114 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.114 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

7.5CVSS7.2AI score0.00789EPSS
Total number of security vulnerabilities765