
Red Hat Enterprise Linux Server AUS vulnerabilities

1,059 known vulnerabilities affecting redhat/enterprise_linux_server_aus.

Total CVEs: 1,059
CISA KEV: 37 (actively exploited)
Public exploits: 87
Exploited in wild: 41
Severity breakdown: CRITICAL 215, HIGH 359, MEDIUM 415, LOW 70

Vulnerabilities

Page 6 of 53
CVE-2020-2593 | MEDIUM | CVSS 4.8 | v7.7 | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succ
nvd
CVE-2020-2659 | LOW | CVSS 3.7 | v7.7 | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of t
nvd
CVE-2020-2654 | LOW | CVSS 3.7 | v7.7 | 2020-01-15
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2020-2583 | LOW | CVSS 3.7 | CWE-755 | v7.7 | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd
nvd
CVE-2020-2590 | LOW | CVSS 3.7 | v7.7 | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2014-7844 | HIGH | CVSS 7.8 | CWE-74 | v6.6, v7.3, +3 more | 2020-01-14
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
nvd
CVE-2015-3147 | MEDIUM | CVSS 6.5 | CWE-59 | v7.3, v7.4, +2 more | 2020-01-14
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
nvd
CVE-2020-6851 | HIGH | CVSS 7.5 | CWE-787 | v7.7, v8.2, +1 more | 2020-01-13
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
nvd
CVE-2019-11745 | HIGH | CVSS 8.8 | CWE-787 | v6.6 | 2020-01-08
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
nvd
CVE-2019-17024 | HIGH | CVSS 8.8 | CWE-787 | v7.7, v8.2, +1 more | 2020-01-08
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17017 | HIGH | CVSS 8.8 | CWE-843 | v7.7 | 2020-01-08
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17016 | MEDIUM | CVSS 6.1 | CWE-79 | v7.7 | 2020-01-08
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-17022 | MEDIUM | CVSS 6.1 | CWE-79 | v7.7 | 2020-01-08
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, th
nvd
CVE-2019-19906 | HIGH | CVSS 7.5 | CWE-193 | v8.4 | 2019-12-19
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
nvd
CVE-2018-1311 | HIGH | CVSS 8.1 | CWE-416 | v7.7 | 2019-12-18
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using
nvd
CVE-2019-13734 | HIGH | CVSS 8.8 | CWE-787 | v7.7, v8.2, +1 more | 2019-12-10
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5544 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-787 | v7.7 | 2019-12-06
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
nvd
CVE-2019-10216 | HIGH | CVSS 7.8 | CWE-648 | v7.7 | 2019-11-27
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
nvd
CVE-2019-14815 | HIGH | CVSS 7.8 | CWE-122 | v8.2, v8.4, +1 more | 2019-11-25
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
nvd
CVE-2019-0155 | HIGH | CVSS 7.8 | v7.2 | 2019-11-14
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6,
nvd