Home/Product/redhat enterprise linux eus
Product

redhat enterprise linux eus

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1709
all versions
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (T
9.4CRITICAL
 CVE-2025-6021
all versions
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base
7.5HIGH
 CVE-2025-3155
all versions
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabilit
7.4HIGH
 CVE-2025-2784
all versions
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_white
7.0HIGH
 CVE-2025-1756
all versions
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a u
7.5HIGH
 CVE-2024-12088
all versions
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest
6.5MEDIUM
 CVE-2024-12087
all versions
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled
6.5MEDIUM
 CVE-2024-12085
all versions
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate
7.5HIGH
 CVE-2024-9676
all versions
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can c
6.5MEDIUM
 CVE-2024-9675
all versions
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our
7.8HIGH
 CVE-2024-6387
all versions
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to
8.1HIGH
 CVE-2024-3183
all versions
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is d
8.1HIGH
 CVE-2024-3049
all versions
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allo
5.9MEDIUM
 CVE-2023-3758
all versions
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to
7.1HIGH
 CVE-2022-24809
all versions
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only
6.5MEDIUM
 CVE-2022-24808
all versions
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write
6.5MEDIUM
 CVE-2022-24807
all versions
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a S
6.5MEDIUM
 CVE-2022-24806
all versions
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write
6.5MEDIUM
 CVE-2022-24805
all versions
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in t
6.5MEDIUM
 CVE-2024-1488
all versions
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modif
8.0HIGH
 CVE-2024-1062
all versions
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars
5.5MEDIUM
 CVE-2024-0229
all versions
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab
7.8HIGH
 CVE-2023-6536
all versions
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of craft
6.5MEDIUM
 CVE-2023-6535
all versions
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of craft
6.5MEDIUM
 CVE-2023-6356
all versions
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of craft
6.5MEDIUM
 CVE-2023-5992
all versions
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This iss
5.6MEDIUM
 CVE-2023-5455
all versions
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows
6.5MEDIUM
 CVE-2023-47038
all versions
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl,
7.0HIGH
 CVE-2023-6478
all versions
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an
7.6HIGH
 CVE-2023-6377
all versions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in o
7.8HIGH
 CVE-2023-5870
all versions
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replica
2.2LOW
 CVE-2023-5869
all versions
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks
8.8HIGH
 CVE-2023-5868
all versions
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting c
4.3MEDIUM
 CVE-2023-6606
all versions
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allo
7.1HIGH
 CVE-2023-42669
all versions
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack ele
6.5MEDIUM
 CVE-2023-3961
all versions
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within
9.1CRITICAL
 CVE-2023-1476
all versions
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs d
7.0HIGH
 CVE-2023-4091
all versions
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when
6.5MEDIUM
 CVE-2023-46848
all versions
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages
8.6HIGH
 CVE-2023-46847
all versions
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of a
8.6HIGH
 CVE-2023-46846
all versions
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Res
9.3CRITICAL
 CVE-2023-3972
all versions
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of
7.8HIGH
 CVE-2023-5633
all versions
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way m
7.8HIGH
 CVE-2023-4911
all versions
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment varia
7.8HIGH
 CVE-2023-5157
all versions
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a deni
7.5HIGH
 CVE-2023-4806
all versions
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been free
5.9MEDIUM
 CVE-2023-4527
all versions
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured
6.5MEDIUM
 CVE-2023-4813
all versions
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resultin
5.9MEDIUM
 CVE-2023-38201
all versions
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.
6.5MEDIUM
 CVE-2023-3899
all versions
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu
7.8HIGH
 CVE-2023-4147
all versions
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This f
7.8HIGH
 CVE-2023-38200
all versions
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against
7.5HIGH
 CVE-2023-2295
all versions
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received wi
7.5HIGH
 CVE-2023-2491
all versions
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" functio
7.8HIGH
 CVE-2023-2203
all versions
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This fla
8.8HIGH
 CVE-2023-0494
all versions
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by
7.8HIGH
 CVE-2019-8720
all versions
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitr
8.8HIGH
 CVE-2022-2601
all versions
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating
8.6HIGH
 CVE-2015-1931
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1
5.5MEDIUM
 CVE-2014-0148
all versions
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating B
5.5MEDIUM
 CVE-2014-0147
all versions
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable t
6.2MEDIUM
 CVE-2014-0144
all versions
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corr
8.6HIGH
 CVE-2021-20316
all versions
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to
6.8MEDIUM
 CVE-2022-1227
all versions
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. O
8.8HIGH
 CVE-2022-27649
all versions
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was foun
7.5HIGH
 CVE-2022-0435
all versions
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious
8.8HIGH
 CVE-2022-0330
all versions
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicio
7.8HIGH
 CVE-2021-3733
all versions
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (s
6.5MEDIUM
 CVE-2021-3744
all versions
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allo
5.5MEDIUM
 CVE-2022-0492
all versions
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw,
7.8HIGH
 CVE-2021-3609
all versions
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsy
7.0HIGH
 CVE-2021-44142
all versions
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients
8.8HIGH
 CVE-2020-25719
all versions
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The S
7.2HIGH
 CVE-2020-25717
all versions
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl
8.1HIGH
 CVE-2016-2124
all versions
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw
5.9MEDIUM
 CVE-2021-3551
all versions
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installat
7.8HIGH
 CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8HIGH
 CVE-2021-3621
all versions
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire s
8.8HIGH
 CVE-2021-3672
all versions
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can
5.6MEDIUM
 CVE-2021-40438
all versions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a
9.0CRITICAL
 CVE-2021-3570
all versions
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports
8.8HIGH
 CVE-2020-14355
all versions
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before
6.6MEDIUM
 CVE-2020-1045
all versions
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NE
7.5HIGH
 CVE-2020-9490
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5HIGH
 CVE-2020-14311
all versions
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic lin
5.7MEDIUM
 CVE-2020-14310
all versions
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MA
5.7MEDIUM
 CVE-2019-15606
all versions
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value
9.8CRITICAL
 CVE-2019-15605
all versions
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
9.8CRITICAL
 CVE-2019-15604
all versions
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
7.5HIGH
 CVE-2019-19339
all versions
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was fou
6.5MEDIUM
 CVE-2020-2659
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7LOW
 CVE-2020-2654
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7
3.7LOW
 CVE-2020-2604
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
8.1HIGH
 CVE-2020-2601
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
6.8MEDIUM
 CVE-2020-2593
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
4.8MEDIUM
 CVE-2020-2590
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7LOW
 CVE-2020-2583
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2020-0603
all versions
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attac
8.8HIGH
 CVE-2020-0602
all versions
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vu
7.5HIGH
 CVE-2020-6851
all versions
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k
7.5HIGH
 CVE-2019-17024
all versions
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of m
8.8HIGH
 CVE-2019-19906
all versions
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via
7.5HIGH
 CVE-2018-1311
all versions
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This
8.1HIGH
 CVE-2019-16777
all versions
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-insta
7.7HIGH
 CVE-2019-16776
all versions
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside o
7.7HIGH
 CVE-2019-16775
all versions
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks
7.7HIGH
 CVE-2019-13734
all versions
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupt
8.8HIGH
 CVE-2019-11135
all versions
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enabl
6.5MEDIUM
 CVE-2019-6470
all versions
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There
6.5MEDIUM
 CVE-2019-5010
all versions
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specia
7.5HIGH
 CVE-2019-11043
all versions
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possibl
8.7HIGH
 CVE-2019-17631
all versions
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted
9.1CRITICAL
 CVE-2019-14287
all versions
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM
8.8HIGH
 CVE-2019-2999
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u2
4.7MEDIUM
 CVE-2019-2996
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is af
4.2MEDIUM
 CVE-2019-2992
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2988
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2983
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2019-2981
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7LOW
 CVE-2019-2978
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7LOW
 CVE-2019-2975
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
4.8MEDIUM
 CVE-2019-2973
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7LOW
 CVE-2019-2964
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
3.7LOW
 CVE-2019-2962
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2945
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.1LOW
 CVE-2019-14823
all versions
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, wher
7.4HIGH
 CVE-2019-16276
all versions
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
7.5HIGH
 CVE-2019-16884
all versions
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcon
7.5HIGH
 CVE-2019-14816
all versions
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel,
7.8HIGH
 CVE-2019-14814
all versions
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux k
7.8HIGH
 CVE-2019-14821
all versions
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor im
8.8HIGH
 CVE-2019-14835
all versions
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates
7.8HIGH
 CVE-2019-15718
all versions
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the sy
4.4MEDIUM
 CVE-2019-10086
all versions
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3HIGH
 CVE-2019-9506
all versions
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not pre
8.1HIGH
 CVE-2019-9514
all versions
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb
7.5HIGH
 CVE-2018-16871
all versions
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is a
7.5HIGH
 CVE-2019-2879
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2834
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2830
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2826
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are a
4.9MEDIUM
 CVE-2019-2819
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are a
5.5MEDIUM
 CVE-2019-2816
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
4.8MEDIUM
 CVE-2019-2815
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2814
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
2.2LOW
 CVE-2019-2812
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2811
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2810
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2808
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2805
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2019-2803
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2802
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2801
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2800
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
7.1HIGH
 CVE-2019-2798
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2797
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
4.2MEDIUM
 CVE-2019-2796
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2795
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected
6.5MEDIUM
 CVE-2019-2789
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
2.7LOW
 CVE-2019-2786
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4LOW
 CVE-2019-2785
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2784
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2780
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that
4.9MEDIUM
 CVE-2019-2778
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
5.4MEDIUM
 CVE-2019-2774
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2769
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3MEDIUM
 CVE-2019-2762
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3MEDIUM
 CVE-2019-2757
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2755
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.9MEDIUM
 CVE-2019-2752
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
4.9MEDIUM
 CVE-2019-2740
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are
6.5MEDIUM
 CVE-2019-2739
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
5.1MEDIUM
 CVE-2019-2738
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affect
3.1LOW
 CVE-2019-9959
all versions
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integ
6.5MEDIUM
 CVE-2019-1010238
all versions
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code
9.8CRITICAL
 CVE-2019-13616
all versions
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_bli
8.1HIGH
 CVE-2019-12527
all versions
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a glo
8.8HIGH
 CVE-2019-10193
all versions
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0
7.2HIGH
 CVE-2019-10192
all versions
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.
7.2HIGH
 CVE-2019-13313
all versions
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-
7.8HIGH
 CVE-2019-12817
all versions
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be ab
7.0HIGH
 CVE-2019-11478
all versions
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmente
5.3MEDIUM
 CVE-2019-11477
all versions
Jonathan Looney discovered that the TCP_SKB_CB(skb)-tcp_gso_segs value was subject to an integer overflow in the Linux kernel when
7.5HIGH
 CVE-2019-10126
all versions
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/
9.8CRITICAL
 CVE-2019-10160
all versions
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting ve
9.8CRITICAL
 CVE-2019-9755
all versions
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g wi
7.0HIGH
 CVE-2019-11356
all versions
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrar
9.8CRITICAL
 CVE-2019-12450
all versions
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy ope
9.8CRITICAL
 CVE-2019-0820
all versions
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework a
7.5HIGH
 CVE-2019-11833
all versions
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which mig
5.5MEDIUM
 CVE-2019-11884
all versions
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain poten
3.3LOW
 CVE-2019-9810
all versions
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buff
8.8HIGH
 CVE-2019-9792
all versions
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout
9.8CRITICAL
 CVE-2019-9791
all versions
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compil
9.8CRITICAL
 CVE-2019-9788
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5
9.8CRITICAL
 CVE-2019-2698
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1HIGH
 CVE-2019-2697
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1HIGH
 CVE-2019-2695
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2694
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2693
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2691
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are a
4.9MEDIUM
 CVE-2019-2689
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2688
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2687
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2686
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2685
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2684
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
5.9MEDIUM
 CVE-2019-2683
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
4.9MEDIUM
 CVE-2019-2681
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2644
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2636
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions t
4.4MEDIUM
 CVE-2019-2635
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.9MEDIUM
 CVE-2019-2634
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
5.1MEDIUM
 CVE-2019-2631
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that ar
4.9MEDIUM
 CVE-2019-2630
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.4MEDIUM
 CVE-2019-2628
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2019-2627
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2626
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2625
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2624
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2623
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
5.3MEDIUM
 CVE-2019-2620
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2617
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.4MEDIUM
 CVE-2019-2614
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.4MEDIUM
 CVE-2019-2607
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2606
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2602
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5HIGH
 CVE-2019-2596
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2593
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2592
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5
4.9MEDIUM
 CVE-2019-2589
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2587
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2585
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-2584
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2581
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2580
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.1
4.9MEDIUM
 CVE-2019-0223
all versions
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C libr
7.4HIGH
 CVE-2019-11459
all versions
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0
5.5MEDIUM
 CVE-2019-11235
all versions
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the receiv
9.8CRITICAL
 CVE-2018-16878
all versions
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled
5.5MEDIUM
 CVE-2018-16877
all versions
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A loca
7.8HIGH
 CVE-2019-3460
all versions
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
6.5MEDIUM
 CVE-2019-3459
all versions
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5MEDIUM
 CVE-2019-3887
all versions
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization e
5.6MEDIUM
 CVE-2019-0757
all versions
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modi
6.5MEDIUM
 CVE-2019-0211
all versions
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr
7.8HIGH
 CVE-2019-0160
all versions
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or
9.8CRITICAL
 CVE-2019-9948
all versions
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protecti
9.1CRITICAL
 CVE-2019-9903
all versions
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find
6.5MEDIUM
 CVE-2019-7222
all versions
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
5.5MEDIUM
 CVE-2019-6454
all versions
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len
5.5MEDIUM
 CVE-2019-3816
all versions
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openws
7.5HIGH
 CVE-2019-9636
all versions
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc)
9.8CRITICAL
 CVE-2019-7164
all versions
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
9.8CRITICAL
 CVE-2019-6974
all versions
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race
8.1HIGH
 CVE-2019-7665
all versions
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A cr
5.5MEDIUM
 CVE-2019-7664
all versions
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow ch
5.5MEDIUM
 CVE-2019-7548
all versions
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
7.8HIGH
 CVE-2018-18506
all versions
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded loca
5.9MEDIUM
 CVE-2019-7310
all versions
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) al
7.8HIGH
 CVE-2019-6111
all versions
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/
5.9MEDIUM
 CVE-2019-6109
all versions
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-T
6.8MEDIUM
 CVE-2019-7150
all versions
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.
5.5MEDIUM
 CVE-2019-2539
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affect
4.9MEDIUM
 CVE-2019-2537
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2536
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
5.0MEDIUM
 CVE-2019-2535
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
4.1MEDIUM
 CVE-2019-2534
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
7.1HIGH
 CVE-2019-2533
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions tha
6.5MEDIUM
 CVE-2019-2532
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2531
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.9MEDIUM
 CVE-2019-2530
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2529
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2510
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2019-2503
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that a
6.4MEDIUM
 CVE-2019-2481
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2455
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2019-2449
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Jav
3.1LOW
 CVE-2019-2436
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
5.5MEDIUM
 CVE-2019-2434
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2019-2422
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java
3.1LOW
 CVE-2019-2420
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2018-20685
all versions
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or
5.3MEDIUM
 CVE-2018-20662
all versions
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h
6.5MEDIUM
 CVE-2018-20650
all versions
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a chec
6.5MEDIUM
 CVE-2018-18311
all versions
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8CRITICAL
 CVE-2018-8787
all versions
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_
9.8CRITICAL
 CVE-2018-12121
all versions
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a c
7.5HIGH
 CVE-2018-18897
all versions
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstra
6.5MEDIUM
 CVE-2018-3214
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that
5.3MEDIUM
 CVE-2018-3183
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions
9.0CRITICAL
 CVE-2018-3180
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that
5.6MEDIUM
 CVE-2018-3169
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3HIGH
 CVE-2018-3149
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3HIGH
 CVE-2018-3139
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
3.1LOW
 CVE-2018-3136
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4LOW
 CVE-2018-14633
all versions
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authe
7.0HIGH
 CVE-2017-15705
all versions
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with ce
5.3MEDIUM
 CVE-2015-5160
all versions
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local
5.5MEDIUM
 CVE-2018-2952
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported version
3.7LOW
 CVE-2018-2767
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that
3.1LOW
 CVE-2018-3693
all versions
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6MEDIUM
 CVE-2018-13405
all versions
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended
7.8HIGH
 CVE-2018-11806
all versions
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
8.2HIGH
 CVE-2017-7847
all versions
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunder
4.3MEDIUM
 CVE-2017-7829
all versions
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender
5.3MEDIUM
 CVE-2017-7824
all versions
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due
9.8CRITICAL
 CVE-2016-9901
all versions
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in t
9.8CRITICAL
 CVE-2018-3639
all versions
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all
5.5MEDIUM
 CVE-2018-10393
all versions
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
7.5HIGH
 CVE-2018-10392
all versions
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers
8.8HIGH
 CVE-2018-2819
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.5
6.5MEDIUM
 CVE-2018-2817
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2018-2781
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2018-2771
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected
4.4MEDIUM
 CVE-2018-2761
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.9MEDIUM
 CVE-2018-2755
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
7.7HIGH
 CVE-2018-1312
all versions
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks
9.8CRITICAL
 CVE-2018-8088
all versions
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended acce
9.8CRITICAL
 CVE-2018-2668
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2665
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2640
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2639
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3HIGH
 CVE-2018-2638
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3HIGH
 CVE-2018-2622
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2018-2562
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affect
7.1HIGH
 CVE-2017-15129
all versions
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_ne
4.7MEDIUM
 CVE-2017-18017
all versions
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows re
9.8CRITICAL
 CVE-2017-16541
all versions
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client
6.5MEDIUM
 CVE-2017-15906
all versions
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, whic
5.3MEDIUM
 CVE-2017-12613
all versions
When apr_time_exp() or apr_os_exp_time() functions are invoked with an invalid month field value in Apache Portable Runtime APR
7.1HIGH
 CVE-2017-10388
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5HIGH
 CVE-2017-10384
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-10379
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
6.5MEDIUM
 CVE-2017-10378
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2017-10357
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that
5.3MEDIUM
 CVE-2017-10356
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
6.2MEDIUM
 CVE-2017-10355
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
5.3MEDIUM
 CVE-2017-10350
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are aff
5.3MEDIUM
 CVE-2017-10349
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
5.3MEDIUM
 CVE-2017-10348
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
5.3MEDIUM
 CVE-2017-10347
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affec
5.3MEDIUM
 CVE-2017-10346
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
9.6CRITICAL
 CVE-2017-10345
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
3.1LOW
 CVE-2017-10309
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
7.1HIGH
 CVE-2017-10295
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
4.0MEDIUM
 CVE-2017-10285
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6CRITICAL
 CVE-2017-10281
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2017-10274
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are J
6.8MEDIUM
 CVE-2017-10268
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.1MEDIUM
 CVE-2017-15041
all versions
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange t
9.8CRITICAL
 CVE-2017-12617
all versions
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena
8.1HIGH
 CVE-2017-12615
all versions
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation paramet
8.1HIGH
 CVE-2016-6796
all versions
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 an
7.5HIGH
 CVE-2016-6797
all versions
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70
7.5HIGH
 CVE-2016-6794
all versions
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityMa
5.3MEDIUM
 CVE-2016-5018
all versions
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web ap
9.1CRITICAL
 CVE-2016-0762
all versions
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and
5.9MEDIUM
 CVE-2017-3653
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
3.1LOW
 CVE-2017-3651
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected
4.3MEDIUM
 CVE-2017-10243
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions tha
6.5MEDIUM
 CVE-2017-10198
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
6.8MEDIUM
 CVE-2017-10193
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1LOW
 CVE-2017-10135
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
5.9MEDIUM
 CVE-2017-10116
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
8.3HIGH
 CVE-2017-10115
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
7.5HIGH
 CVE-2017-10111
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that i
9.6CRITICAL
 CVE-2017-10110
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u
9.6CRITICAL
 CVE-2017-10109
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2017-10108
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2017-10107
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6CRITICAL
 CVE-2017-10105
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
4.3MEDIUM
 CVE-2017-10102
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.0CRITICAL
 CVE-2017-10101
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6CRITICAL
 CVE-2017-10096
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6CRITICAL
 CVE-2017-10090
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6CRITICAL
 CVE-2017-10089
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE
9.6CRITICAL
 CVE-2017-10087
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6CRITICAL
 CVE-2017-10078
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java
8.1HIGH
 CVE-2017-10074
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3HIGH
 CVE-2017-10067
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java S
7.5HIGH
 CVE-2017-10053
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that ar
5.3MEDIUM
 CVE-2017-10664
all versions
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon
7.5HIGH
 CVE-2016-8743
all versions
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in r
7.5HIGH
 CVE-2017-7668
all versions
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_fi
7.5HIGH
 CVE-2017-3167
all versions
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t
9.8CRITICAL
 CVE-2017-9287
all versions
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search t
6.5MEDIUM
 CVE-2016-9843
all versions
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors inv
9.8CRITICAL
 CVE-2016-9842
all versions
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors
8.8HIGH
 CVE-2016-9841
all versions
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmet
9.8CRITICAL
 CVE-2016-9840
all versions
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithme
8.8HIGH
 CVE-2017-8291
all versions
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/O
7.8HIGH
 CVE-2017-3456
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9MEDIUM
 CVE-2017-3453
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2017-3309
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
7.7HIGH
 CVE-2017-3308
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
7.7HIGH
 CVE-2016-1908
all versions
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 serv
9.8CRITICAL
 CVE-2016-5011
all versions
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to
4.6MEDIUM
 CVE-2015-8896
all versions
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (appl
6.5MEDIUM
 CVE-2016-9560
all versions
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to
7.8HIGH
 CVE-2017-5848
all versions
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cau
7.5HIGH
 CVE-2017-3318
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are af
4.0MEDIUM
 CVE-2017-3317
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.
4.0MEDIUM
 CVE-2017-3313
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected a
4.7MEDIUM
 CVE-2017-3291
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
6.3MEDIUM
 CVE-2017-3265
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
5.6MEDIUM
 CVE-2017-3258
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-3244
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-3243
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected
4.4MEDIUM
 CVE-2017-3238
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2016-9446
all versions
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive informa
7.5HIGH
 CVE-2016-9811
all versions
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows re
4.7MEDIUM
 CVE-2016-9131
all versions
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a den
7.5HIGH
 CVE-2016-5195
all versions
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging in
7.0HIGH
 CVE-2016-8864
all versions
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a den
7.5HIGH
 CVE-2016-5629
all versions
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrat
4.9MEDIUM
 CVE-2016-5626
all versions
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-5624
all versions
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors
6.5MEDIUM
 CVE-2016-5612
all versions
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-3492
all versions
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-7163
all versions
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a
7.8HIGH
 CVE-2016-2775
all versions
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enable
5.9MEDIUM
 CVE-2016-5387
all versions
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
8.1HIGH
 CVE-2016-5126
all versions
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial
7.8HIGH
 CVE-2016-4020
all versions
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS a
6.5MEDIUM
 CVE-2016-3627
all versions
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent att
7.5HIGH
 CVE-2015-3152
all versions
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl opt
5.9MEDIUM
 CVE-2016-3718
all versions
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-sid
5.5MEDIUM
 CVE-2016-3715
all versions
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a
5.5MEDIUM
 CVE-2016-3427
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8CRITICAL
 CVE-2016-0651
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Opti
5.5MEDIUM
 CVE-2016-0642
all versions
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to aff
4.7MEDIUM
 CVE-2016-2857
all versions
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bou
8.4HIGH
 CVE-2016-1646
all versions
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not pro
8.8HIGH
 CVE-2015-8631
all versions
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14
6.5MEDIUM
 CVE-2015-8629
all versions
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.
5.3MEDIUM
 CVE-2015-1779
all versions
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a la
8.6HIGH
 CVE-2015-7512
all versions
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attacker
9.0CRITICAL
 CVE-2015-3276
all versions
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode c
7.5HIGH
 CVE-2015-8391
all versions
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to ca
9.8CRITICAL
 CVE-2015-8126
all versions
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1
 CVE-2015-4913
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4902
all versions
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors
5.3MEDIUM
 CVE-2015-4879
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to
 CVE-2015-4870
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4864
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-4861
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4858
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4836
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4830
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4826
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4816
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via u
 CVE-2015-4815
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4802
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4792
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-7645
all versions
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux
7.8HIGH
 CVE-2015-5165
all versions
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote at
 CVE-2015-4495
all versions
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers
8.8HIGH
 CVE-2015-4757
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to af
 CVE-2015-4752
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2648
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2643
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2590
all versions
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to af
9.8CRITICAL
 CVE-2015-5119
all versions
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through
9.8CRITICAL
 CVE-2015-3113
all versions
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and
9.8CRITICAL
 CVE-2015-3209
all versions
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet w
 CVE-2015-0797
all versions
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux
 CVE-2015-1241
all versions
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events
 CVE-2015-2573
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-2571
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-2568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect ava
 CVE-2015-0505
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0501
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0499
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0441
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-0433
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-3043
all versions
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux
9.8CRITICAL
 CVE-2015-2808
all versions
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the ini
3.7LOW
 CVE-2015-1212
all versions
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on
 CVE-2015-1211
all versions
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome be
 CVE-2015-1210
all versions
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in
 CVE-2015-1209
all versions
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp
 CVE-2015-0391
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
 CVE-2015-0382
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
 CVE-2015-0381
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
 CVE-2015-0374
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to af
 CVE-2014-6568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to
 CVE-2014-9585
all versions
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the
 CVE-2014-9584
all versions
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value
 CVE-2014-9322
all versions
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS
7.8HIGH
 CVE-2014-5353
all versions
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5)
 CVE-2014-8964
all versions
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other uns
 CVE-2014-7840
all versions
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute
 CVE-2014-7815
all versions
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_p
 CVE-2014-3615
all versions
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
 CVE-2014-3581
all versions
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11
 CVE-2014-7169
all versions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8CRITICAL
 CVE-2014-6271
all versions
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8CRITICAL
 CVE-2014-5077
all versions
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, al
 CVE-2014-5045
all versions
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin