Lucene search

K
RedhatEnterprise Linux Server5.0

339 matches found

CVE
CVE
added 2014/09/24 6:48 p.m.2727 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS
CVE
CVE
added 2012/05/11 10:15 a.m.1639 views

CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS9.9AI score0.94386EPSS
CVE
CVE
added 2014/09/25 1:55 a.m.1236 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS
CVE
CVE
added 2013/07/10 8:55 p.m.1201 views

CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain hr...

4.3CVSS6.2AI score0.33441EPSS
CVE
CVE
added 2012/06/16 9:55 p.m.1133 views

CVE-2012-1723

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t...

10CVSS8.4AI score0.94093EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.1105 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

10CVSS4.2AI score0.76849EPSS
CVE
CVE
added 2013/06/10 5:55 p.m.1098 views

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

5.1CVSS6.9AI score0.38401EPSS
CVE
CVE
added 2016/11/01 10:59 p.m.1092 views

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

9.3CVSS9AI score0.46889EPSS
CVE
CVE
added 2013/06/26 3:19 a.m.1087 views

CVE-2013-1690

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possi...

9.3CVSS7.4AI score0.48488EPSS
CVE
CVE
added 2012/06/09 12:55 a.m.1058 views

CVE-2012-2034

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.25628EPSS
CVE
CVE
added 2015/04/14 10:59 p.m.1016 views

CVE-2015-3043

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different ...

10CVSS7.7AI score0.86036EPSS
CVE
CVE
added 2013/05/16 11:45 a.m.998 views

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sen...

6.5CVSS8.7AI score0.02572EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.993 views

CVE-2016-4117

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

10CVSS9.8AI score0.92777EPSS
CVE
CVE
added 2015/12/28 11:59 p.m.974 views

CVE-2015-8651

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code ...

9.3CVSS9.6AI score0.89783EPSS
CVE
CVE
added 2012/08/15 10:31 a.m.965 views

CVE-2012-1535

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF c...

9.3CVSS7.7AI score0.923EPSS
CVE
CVE
added 2015/10/15 10:59 a.m.961 views

CVE-2015-7645

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

9.3CVSS8.7AI score0.84843EPSS
CVE
CVE
added 2015/07/08 2:59 p.m.952 views

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of ...

10CVSS7.8AI score0.93165EPSS
CVE
CVE
added 2015/10/22 12:0 a.m.932 views

CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.3CVSS5.5AI score0.06707EPSS
CVE
CVE
added 2015/08/08 12:59 a.m.899 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wi...

8.8CVSS6.6AI score0.7594EPSS
CVE
CVE
added 2015/07/14 10:59 a.m.898 views

CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installa...

10CVSS9.6AI score0.92389EPSS
CVE
CVE
added 2015/07/14 10:59 a.m.885 views

CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

10CVSS9.6AI score0.45202EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.884 views

CVE-2016-4171

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

10CVSS9.6AI score0.26006EPSS
CVE
CVE
added 2009/07/10 3:30 p.m.872 views

CVE-2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

7.1CVSS7.3AI score0.20931EPSS
CVE
CVE
added 2015/04/01 2:0 a.m.846 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS
CVE
CVE
added 2009/07/05 4:30 p.m.693 views

CVE-2009-1890

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of servic...

7.1CVSS7.2AI score0.2152EPSS
CVE
CVE
added 2016/04/21 11:0 a.m.658 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.93626EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.608 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.05563EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.592 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo...

9CVSS8.7AI score0.84563EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.546 views

CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

7.5CVSS7.2AI score0.84964EPSS
CVE
CVE
added 2016/11/02 5:59 p.m.508 views

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

7.5CVSS7.4AI score0.4301EPSS
CVE
CVE
added 2008/01/25 1:0 a.m.443 views

CVE-2008-0455

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uplo...

4.3CVSS5AI score0.3456EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.355 views

CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

9.8CVSS9.6AI score0.27685EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.319 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

8.8CVSS8.7AI score0.01236EPSS
CVE
CVE
added 2012/06/09 12:55 a.m.269 views

CVE-2012-2037

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.25628EPSS
CVE
CVE
added 2007/03/30 12:19 a.m.248 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

5CVSS7.2AI score0.17682EPSS
CVE
CVE
added 2008/01/25 1:0 a.m.245 views

CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response...

2.6CVSS7.2AI score0.17838EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.237 views

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...

4.7CVSS4.9AI score0.00042EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.235 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2008/06/13 6:41 p.m.232 views

CVE-2008-2364

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of inter...

5CVSS7.2AI score0.02064EPSS
CVE
CVE
added 2013/05/29 2:29 p.m.224 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as...

5CVSS5.3AI score0.48591EPSS
CVE
CVE
added 2014/02/21 5:7 a.m.210 views

CVE-2014-0502

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows rem...

10CVSS7.8AI score0.86341EPSS
CVE
CVE
added 2017/02/03 7:59 p.m.209 views

CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

7.1CVSS7.9AI score0.00873EPSS
CVE
CVE
added 2014/02/05 5:15 a.m.205 views

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.8AI score0.93016EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.192 views

CVE-2013-0753

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

9.3CVSS9.5AI score0.8806EPSS
CVE
CVE
added 2007/06/27 5:30 p.m.191 views

CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with bro...

4.3CVSS5.7AI score0.15092EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.190 views

CVE-2013-0758

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging impr...

9.3CVSS9.4AI score0.87365EPSS
CVE
CVE
added 2011/07/18 10:55 p.m.183 views

CVE-2011-1093

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference an...

7.8CVSS6.8AI score0.01222EPSS
CVE
CVE
added 2014/04/27 12:55 a.m.180 views

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdou...

2.1CVSS6AI score0.00027EPSS
CVE
CVE
added 2009/08/14 3:16 p.m.177 views

CVE-2009-2692

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on ...

7.8CVSS7.6AI score0.18141EPSS
CVE
CVE
added 2015/12/06 8:59 p.m.175 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02068EPSS
Total number of security vulnerabilities339