Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2018/10/17 1:31 a.m.292 views

CVE-2018-3136

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.4CVSS4.7AI score0.00162EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.292 views

CVE-2019-2987

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vu...

4.3CVSS4.1AI score0.00398EPSS
CVE
CVE
added 2018/07/05 6:29 p.m.291 views

CVE-2018-12910

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

9.8CVSS8.7AI score0.06804EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.291 views

CVE-2019-2992

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00581EPSS
CVE
CVE
added 2018/05/15 4:29 p.m.290 views

CVE-2018-1087

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch o...

8CVSS6.3AI score0.0003EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.289 views

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

6.8CVSS6.7AI score0.00491EPSS
CVE
CVE
added 2018/04/24 6:29 a.m.288 views

CVE-2018-10322

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.

5.5CVSS6.5AI score0.00051EPSS
CVE
CVE
added 2018/07/30 4:29 p.m.287 views

CVE-2018-10883

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

5.5CVSS6.1AI score0.00077EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.286 views

CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

5.8CVSS4.9AI score0.00409EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.285 views

CVE-2017-14495

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

7.5CVSS8.2AI score0.45332EPSS
CVE
CVE
added 2018/07/10 9:29 p.m.284 views

CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

5.6CVSS6.3AI score0.01192EPSS
CVE
CVE
added 2015/03/30 10:59 a.m.283 views

CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an ...

7.5CVSS8.1AI score0.81778EPSS
Web
CVE
CVE
added 2019/02/05 9:29 p.m.283 views

CVE-2018-18505

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...

10CVSS7.2AI score0.0372EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.283 views

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8CVSS7.1AI score0.03709EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.283 views

CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.02219EPSS
CVE
CVE
added 2023/11/03 8:15 a.m.283 views

CVE-2023-46847

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

8.6CVSS8.8AI score0.44512EPSS
CVE
CVE
added 2018/03/14 6:29 p.m.282 views

CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

9.8CVSS7.5AI score0.02895EPSS
CVE
CVE
added 2020/01/31 10:15 p.m.281 views

CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.3AI score0.09808EPSS
CVE
CVE
added 2019/01/12 2:29 a.m.281 views

CVE-2018-20699

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

4.9CVSS5AI score0.00129EPSS
CVE
CVE
added 2020/10/27 9:15 p.m.281 views

CVE-2019-8846

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execut...

9.3CVSS8.3AI score0.0057EPSS
CVE
CVE
added 2020/01/31 10:15 p.m.280 views

CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09808EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.280 views

CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00341EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.279 views

CVE-2013-1548

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

3.5CVSS4.3AI score0.00582EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.279 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.01328EPSS
CVE
CVE
added 2018/10/22 4:29 p.m.278 views

CVE-2018-18559

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multi...

8.1CVSS7.6AI score0.01184EPSS
CVE
CVE
added 2018/02/01 2:29 p.m.278 views

CVE-2018-6485

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

9.8CVSS8.4AI score0.00663EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.278 views

CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

7.8CVSS8.1AI score0.51412EPSS
CVE
CVE
added 2017/06/19 4:29 p.m.276 views

CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.4AI score0.07279EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.276 views

CVE-2019-8815

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary c...

9.3CVSS8.6AI score0.00849EPSS
CVE
CVE
added 2018/07/26 6:29 p.m.275 views

CVE-2018-10878

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

7.8CVSS7.4AI score0.00058EPSS
CVE
CVE
added 2019/12/23 1:15 a.m.275 views

CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

7.5CVSS8.2AI score0.01475EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.274 views

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7AI score0.03249EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.274 views

CVE-2020-6408

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.

6.5CVSS6AI score0.01231EPSS
CVE
CVE
added 2018/09/04 4:29 p.m.273 views

CVE-2018-10930

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

6.5CVSS7AI score0.00776EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.272 views

CVE-2016-0758

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

7.8CVSS7.6AI score0.00204EPSS
CVE
CVE
added 2018/07/09 1:29 p.m.272 views

CVE-2018-13785

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

6.5CVSS7.7AI score0.02195EPSS
CVE
CVE
added 2019/12/18 6:15 a.m.272 views

CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

7.5CVSS7.8AI score0.01213EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.272 views

CVE-2019-8844

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead...

9.3CVSS8.6AI score0.02465EPSS
CVE
CVE
added 2017/12/15 9:29 a.m.271 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default va...

9.3CVSS7.5AI score0.86747EPSS
Web
CVE
CVE
added 2018/05/24 1:29 p.m.271 views

CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have bee...

9.1CVSS7.5AI score0.02174EPSS
CVE
CVE
added 2018/10/17 7:29 p.m.271 views

CVE-2018-18445

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

7.8CVSS7.2AI score0.00044EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.270 views

CVE-2018-2799

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network ...

5.3CVSS5AI score0.0014EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.270 views

CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

7.8CVSS7AI score0.00084EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.270 views

CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

5.5CVSS6.9AI score0.00108EPSS
CVE
CVE
added 2013/03/05 9:38 p.m.269 views

CVE-2012-3411

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

5CVSS6.3AI score0.01144EPSS
CVE
CVE
added 2015/03/30 10:59 a.m.268 views

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name o...

7.5CVSS7.9AI score0.19051EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.268 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8CVSS7.1AI score0.28802EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.268 views

CVE-2020-6392

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

4.3CVSS5.1AI score0.01736EPSS
CVE
CVE
added 2018/03/30 9:29 p.m.267 views

CVE-2018-7566

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

7.8CVSS6.9AI score0.00082EPSS
CVE
CVE
added 2018/09/05 6:29 a.m.266 views

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

9.3CVSS7.2AI score0.91799EPSS
Total number of security vulnerabilities1890