Redhat Enterprise Linux Server vulnerabilities

1,891 known vulnerabilities affecting redhat/enterprise_linux_server.

Total CVEs

1,891

CISA KEV

actively exploited

Public exploits

134

Exploited in wild

Severity breakdown

CRITICAL347HIGH710MEDIUM734LOW100

Vulnerabilities

Page 85 of 95

CVE-2013-2391LOWCVSS 3.0v6.02013-04-17

CVE-2013-2391 [LOW] CVE-2013-2391: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and ear Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

nvd

CVE-2013-1548LOWCVSS 3.5v6.02013-04-17

CVE-2013-1548 [LOW] CVE-2013-1548: Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to af Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

nvd

CVE-2013-1506LOWCVSS 2.8v6.02013-04-17

CVE-2013-1506 [LOW] CVE-2013-1506: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and ear Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

nvd

CVE-2013-0791MEDIUMCVSS 5.0v5.0v6.02013-04-03

CVE-2013-0791 [MEDIUM] CWE-119 CVE-2013-0791: The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla F The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption)

nvd

CVE-2013-2555CRITICALCVSS 10.0v6.02013-03-11

CVE-2013-2555 [CRITICAL] CWE-190 CVE-2013-2555: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows an Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers

nvd

CVE-2011-3201MEDIUMCVSS 4.3v6.02013-03-08

CVE-2011-3201 [MEDIUM] CWE-200 CVE-2011-3201: GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the a GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

nvd

CVE-2012-3411MEDIUMCVSS 5.0v6.02013-03-05

CVE-2012-3411 [MEDIUM] CWE-20 CVE-2012-3411: Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from pr Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

nvd

CVE-2011-2491MEDIUMCVSS 4.9v5.02013-03-01

CVE-2011-2491 [MEDIUM] CWE-400 CVE-2011-2491: The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.

nvd

CVE-2011-1182LOWCVSS 3.6v5.02013-03-01

CVE-2011-1182 [LOW] CVE-2011-1182: kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a s kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.

nvd

CVE-2013-0648HIGHCVSS 8.8KEVv6.02013-02-27

CVE-2013-0648 [HIGH] CVE-2013-0648: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

nvd

CVE-2013-0643HIGHCVSS 8.8KEVv6.02013-02-27

CVE-2013-0643 [HIGH] CWE-269 CVE-2013-0643: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

nvd

CVE-2013-0782CRITICALCVSS 9.3v5.0v6.02013-02-19

CVE-2013-0782 [CRITICAL] CWE-787 CVE-2013-0782: Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox b Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.

nvd

CVE-2013-0783CRITICALCVSS 9.3v5.0v6.02013-02-19

CVE-2013-0783 [CRITICAL] CVE-2013-0783: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox E Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vector

nvd

CVE-2013-0775CRITICALCVSS 9.3v5.0v6.02013-02-19

CVE-2013-0775 [CRITICAL] CWE-416 CVE-2013-0775: Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firef Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.

nvd

CVE-2013-0780CRITICALCVSS 9.3v5.0v6.02013-02-19

CVE-2013-0780 [CRITICAL] CWE-416 CVE-2013-0780: Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefo Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a craft

nvd

CVE-2013-0772MEDIUMCVSS 5.8v5.0v6.02013-02-19

CVE-2013-0772 [MEDIUM] CWE-119 CVE-2013-0772: The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

nvd

CVE-2013-0776MEDIUMCVSS 4.0v5.0v6.02013-02-19

CVE-2013-0776 [MEDIUM] CWE-295 CVE-2013-0776: Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site

nvd

CVE-2013-0641HIGHCVSS 7.8KEVv6.02013-02-14

CVE-2013-0641 [HIGH] CWE-120 CVE-2013-0641: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

nvd

CVE-2013-0640HIGHCVSS 7.8KEVPoCv6.02013-02-14

CVE-2013-0640 [HIGH] CWE-787 CVE-2013-0640: Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

nvd

CVE-2012-6075CRITICALCVSS 9.3v5.0v6.02013-02-13

CVE-2012-6075 [CRITICAL] CWE-120 CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0- Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

nvd

← Previous85 / 95Next →