Lucene search

K
RedhatEnterprise Linux5.0

27 matches found

CVE
CVE
added 2019/09/20 7:15 p.m.744 views

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9.1AI score0.00289EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.712 views

CVE-2019-11477

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182...

7.8CVSS7.5AI score0.76442EPSS
CVE
CVE
added 2019/09/20 7:15 p.m.688 views

CVE-2019-14814

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9AI score0.00254EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.558 views

CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS6.4AI score0.27962EPSS
CVE
CVE
added 2019/11/27 1:15 p.m.352 views

CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of r...

7.8CVSS7.6AI score0.00526EPSS
CVE
CVE
added 2019/04/11 4:29 p.m.317 views

CVE-2019-3459

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

6.5CVSS6.8AI score0.00199EPSS
CVE
CVE
added 2019/12/19 6:15 p.m.305 views

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

7.5CVSS7.5AI score0.00228EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.258 views

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript ...

7.8CVSS7.7AI score0.62738EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.225 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01038EPSS
CVE
CVE
added 2019/11/13 9:15 p.m.168 views

CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

7.5CVSS7.4AI score0.0157EPSS
CVE
CVE
added 2019/11/15 4:15 p.m.131 views

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5CVSS7.2AI score0.00646EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.110 views

CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access...

7.5CVSS7.5AI score0.00379EPSS
CVE
CVE
added 2019/12/31 8:15 p.m.101 views

CVE-2011-3585

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

4.7CVSS4.3AI score0.0055EPSS
CVE
CVE
added 2019/11/26 4:15 a.m.89 views

CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user...

8.8CVSS8.7AI score0.04155EPSS
CVE
CVE
added 2019/11/26 4:15 a.m.88 views

CVE-2011-3632

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

7.1CVSS7.3AI score0.00132EPSS
CVE
CVE
added 2019/11/26 4:15 a.m.86 views

CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink execu...

8.8CVSS8.9AI score0.03115EPSS
CVE
CVE
added 2019/11/01 1:15 p.m.85 views

CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation fault

5.5CVSS5.4AI score0.00518EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.82 views

CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

9.8CVSS9.5AI score0.04547EPSS
CVE
CVE
added 2019/11/05 10:15 p.m.66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS
CVE
CVE
added 2019/11/22 5:15 p.m.65 views

CVE-2012-0877

PyXML: Hash table collisions CPU usage Denial of Service

7.8CVSS7.5AI score0.00543EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.61 views

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

7.8CVSS7.8AI score0.00218EPSS
CVE
CVE
added 2019/11/25 2:15 p.m.55 views

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

6.5CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2019/11/12 2:15 p.m.53 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

9.8CVSS9.6AI score0.00985EPSS
CVE
CVE
added 2019/11/25 2:15 p.m.48 views

CVE-2012-5630

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

6.3CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.47 views

CVE-2012-5644

libuser has information disclosure when moving user's home directory

5.5CVSS5.6AI score0.00066EPSS
CVE
CVE
added 2019/11/19 4:15 p.m.44 views

CVE-2011-4967

tog-Pegasus has a package hash collision DoS vulnerability

7.5CVSS7.5AI score0.00669EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.42 views

CVE-2011-2717

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

10CVSS9.7AI score0.0068EPSS