Redhat

Enterprise Linux Server

1890 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2014-5353

  • EPSS 0.47%
  • Published 16.12.2014 23:59:00
  • Last modified 12.04.2025 10:46:40

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via...

5

CVE-2014-8964

  • EPSS 2.09%
  • Published 16.12.2014 18:59:10
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

7.5

CVE-2014-7840

  • EPSS 2.46%
  • Published 12.12.2014 15:59:08
  • Last modified 12.04.2025 10:46:40

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

4.6

CVE-2014-9273

Exploit
  • EPSS 0.18%
  • Published 08.12.2014 16:59:11
  • Last modified 12.04.2025 10:46:40

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

4.3

CVE-2012-6662

  • EPSS 9.22%
  • Published 24.11.2014 16:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope...

5

CVE-2014-4975

  • EPSS 3.45%
  • Published 15.11.2014 20:59:01
  • Last modified 12.04.2025 10:46:40

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that tr...

9.4

CVE-2014-8567

  • EPSS 4.43%
  • Published 14.11.2014 15:59:02
  • Last modified 12.04.2025 10:46:40

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

5

CVE-2014-7815

  • EPSS 5.23%
  • Published 14.11.2014 15:59:01
  • Last modified 12.04.2025 10:46:40

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

5

CVE-2014-8564

  • EPSS 0.81%
  • Published 13.11.2014 21:32:13
  • Last modified 12.04.2025 10:46:40

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptograp...

7.5

CVE-2014-3693

  • EPSS 5.36%
  • Published 07.11.2014 19:55:03
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP p...