Enterprise Linux Server
by Red Hat
CVEs (1,623)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6671 | Cri | 0.65 | 9.8 | 0.11 | Dec 11, 2013 | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| CVE-2013-5618 | Cri | 0.65 | 9.8 | 0.10 | Dec 11, 2013 | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute… | ||
| CVE-2013-0641 | Hig | 0.65 | 7.8 | 0.32 | KEV | Feb 14, 2013 | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. | |
| CVE-2024-6387 | Hig | 0.64 | 8.1 | 1.00 | Jul 1, 2024 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time… | ||
| CVE-2017-3114 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific… | ||
| CVE-2017-3112 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)… | ||
| CVE-2017-11225 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended… | ||
| CVE-2017-11215 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --… | ||
| CVE-2017-11213 | Cri | 0.64 | 9.8 | 0.07 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an… | ||
| CVE-2017-14746 | Cri | 0.64 | 9.8 | 0.10 | Nov 27, 2017 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | ||
| CVE-2017-1000116 | Cri | 0.64 | 9.8 | 0.06 | Oct 5, 2017 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | ||
| CVE-2017-12987 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | ||
| CVE-2017-12902 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | ||
| CVE-2017-12899 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | ||
| CVE-2017-12896 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | ||
| CVE-2017-14064 | Cri | 0.64 | 9.8 | 0.09 | Aug 31, 2017 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of… | ||
| CVE-2017-9788 | Cri | 0.64 | 9.1 | 0.57 | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment… | ||
| CVE-2016-7050 | Cri | 0.64 | 9.8 | 0.05 | Jun 8, 2017 | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | ||
| CVE-2016-5405 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2017 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | ||
| CVE-2016-9843 | Cri | 0.64 | 9.8 | 0.06 | May 23, 2017 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. |
- risk 0.65cvss 9.8epss 0.11
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
- risk 0.65cvss 9.8epss 0.10
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute…
- risk 0.65cvss 7.8epss 0.32
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
- risk 0.64cvss 8.1epss 1.00
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an…
- risk 0.64cvss 9.8epss 0.10
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
- risk 0.64cvss 9.8epss 0.06
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
- risk 0.64cvss 9.8epss 0.03
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
- risk 0.64cvss 9.8epss 0.03
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
- risk 0.64cvss 9.8epss 0.03
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
- risk 0.64cvss 9.8epss 0.03
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
- risk 0.64cvss 9.8epss 0.09
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…
- risk 0.64cvss 9.1epss 0.57
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment…
- risk 0.64cvss 9.8epss 0.05
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
- risk 0.64cvss 9.8epss 0.06
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Page 4 of 82