Lucene search

K
RedhatEnterprise Linux Server

29 matches found

CVE
CVE
added 2008/01/25 1:0 a.m.245 views

CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response...

2.6CVSS7.2AI score0.17838EPSS
CVE
CVE
added 2014/04/27 12:55 a.m.180 views

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdou...

2.1CVSS6AI score0.00027EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.142 views

CVE-2013-5908

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

2.6CVSS6.8AI score0.05356EPSS
CVE
CVE
added 2015/01/09 9:59 p.m.131 views

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1CVSS4.9AI score0.00045EPSS
CVE
CVE
added 2010/12/23 6:0 p.m.125 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

2.1CVSS5.8AI score0.00073EPSS
CVE
CVE
added 2015/01/09 9:59 p.m.125 views

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

2.1CVSS4.5AI score0.00155EPSS
CVE
CVE
added 2012/06/16 9:55 p.m.119 views

CVE-2012-1717

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

2.1CVSS7.6AI score0.00155EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.117 views

CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

2.1CVSS5.8AI score0.00055EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.113 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.00861EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.103 views

CVE-2014-0420

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

2.8CVSS5AI score0.00731EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.101 views

CVE-2012-3160

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

2.1CVSS4.1AI score0.00137EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.101 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

2.6CVSS4.2AI score0.00832EPSS
CVE
CVE
added 2007/12/04 12:46 a.m.100 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2011/02/18 8:0 p.m.100 views

CVE-2011-1044

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fil...

2.1CVSS5.4AI score0.00069EPSS
CVE
CVE
added 2009/10/19 8:0 p.m.99 views

CVE-2009-3228

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memor...

2.1CVSS6.5AI score0.00077EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.97 views

CVE-2014-2432

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

2.8CVSS4.2AI score0.00797EPSS
CVE
CVE
added 2013/04/17 12:14 p.m.94 views

CVE-2013-1506

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

2.8CVSS4.3AI score0.00527EPSS
CVE
CVE
added 2011/04/10 2:51 a.m.92 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS
CVE
CVE
added 2014/11/01 11:55 p.m.92 views

CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

2.1CVSS6.1AI score0.00092EPSS
CVE
CVE
added 2009/10/20 5:30 p.m.89 views

CVE-2009-2910

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

2.1CVSS5.9AI score0.00052EPSS
CVE
CVE
added 2008/08/08 6:41 p.m.80 views

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obt...

2.1CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2014/11/07 7:55 p.m.74 views

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.72 views

CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

2.1CVSS5.4AI score0.00073EPSS
CVE
CVE
added 2014/12/19 3:59 p.m.71 views

CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

2.1CVSS7.1AI score0.00131EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.61 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS
CVE
CVE
added 2012/10/09 11:55 p.m.61 views

CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

2.1CVSS6AI score0.00039EPSS
CVE
CVE
added 2014/05/02 2:55 p.m.55 views

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

2.1CVSS6.2AI score0.00074EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.52 views

CVE-2013-0241

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2014/06/17 3:55 p.m.43 views

CVE-2014-4039

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

2.1CVSS5.6AI score0.00063EPSS