Enterprise Linux Desktop
by Red Hat
CVEs (999)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4819 | 0.00 | — | 0.00 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. | |||
| CVE-2015-4815 | 0.00 | — | 0.04 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | |||
| CVE-2015-4802 | 0.00 | — | 0.04 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||
| CVE-2015-4792 | 0.00 | — | 0.04 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | |||
| CVE-2015-5235 | 0.00 | — | 0.03 | Oct 9, 2015 | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | |||
| CVE-2015-5234 | 0.00 | — | 0.02 | Oct 9, 2015 | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to… | |||
| CVE-2014-9751 | 0.00 | — | 0.05 | Oct 6, 2015 | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the… | |||
| CVE-2014-9750 | 0.00 | — | 0.06 | Oct 6, 2015 | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for… | |||
| CVE-2015-3247 | 0.00 | — | 0.01 | Sep 8, 2015 | Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. | |||
| CVE-2015-5157 | 0.00 | — | 0.01 | Aug 31, 2015 | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | |||
| CVE-2015-4752 | 0.00 | — | 0.04 | Jul 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. | |||
| CVE-2015-2648 | 0.00 | — | 0.04 | Jul 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2015-2643 | 0.00 | — | 0.04 | Jul 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||
| CVE-2015-2582 | 0.00 | — | 0.04 | Jul 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | |||
| CVE-2015-3281 | 0.00 | — | 0.04 | Jul 6, 2015 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted… | |||
| CVE-2015-4142 | 0.00 | — | 0.04 | Jun 15, 2015 | Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds… | |||
| CVE-2015-0797 | 0.00 | — | 0.05 | May 14, 2015 | GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264… | |||
| CVE-2015-1863 | 0.00 | — | 0.05 | Apr 28, 2015 | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | |||
| CVE-2015-1241 | 0.00 | — | 0.02 | Apr 19, 2015 | Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | |||
| CVE-2015-2573 | 0.00 | — | 0.05 | Apr 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. |
- CVE-2015-4819Oct 21, 2015risk 0.00cvss —epss 0.00
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
- CVE-2015-4815Oct 21, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
- CVE-2015-4802Oct 21, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
- CVE-2015-4792Oct 21, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
- CVE-2015-5235Oct 9, 2015risk 0.00cvss —epss 0.03
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
- CVE-2015-5234Oct 9, 2015risk 0.00cvss —epss 0.02
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to…
- CVE-2014-9751Oct 6, 2015risk 0.00cvss —epss 0.05
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the…
- CVE-2014-9750Oct 6, 2015risk 0.00cvss —epss 0.06
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for…
- CVE-2015-3247Sep 8, 2015risk 0.00cvss —epss 0.01
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
- CVE-2015-5157Aug 31, 2015risk 0.00cvss —epss 0.01
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
- CVE-2015-4752Jul 16, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
- CVE-2015-2648Jul 16, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2015-2643Jul 16, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
- CVE-2015-2582Jul 16, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
- CVE-2015-3281Jul 6, 2015risk 0.00cvss —epss 0.04
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted…
- CVE-2015-4142Jun 15, 2015risk 0.00cvss —epss 0.04
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds…
- CVE-2015-0797May 14, 2015risk 0.00cvss —epss 0.05
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264…
- CVE-2015-1863Apr 28, 2015risk 0.00cvss —epss 0.05
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
- CVE-2015-1241Apr 19, 2015risk 0.00cvss —epss 0.02
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
- CVE-2015-2573Apr 16, 2015risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Page 34 of 50