Redhat Enterprise Linux Server Eus vulnerabilities

622 known vulnerabilities affecting redhat/enterprise_linux_server_eus.

Total CVEs

622

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL178HIGH239MEDIUM183LOW22

Vulnerabilities

Page 31 of 32

CVE-2012-3961CRITICALCVSS 10.0v6.32012-08-29

CVE-2012-3961 [CRITICAL] CWE-416 CVE-2012-3961: Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

nvd

CVE-2012-3956CRITICALCVSS 10.0v6.32012-08-29

CVE-2012-3956 [CRITICAL] CWE-416 CVE-2012-3956: Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified

nvd

CVE-2012-3963CRITICALCVSS 10.0v6.32012-08-29

CVE-2012-3963 [CRITICAL] CWE-416 CVE-2012-3963: Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 1 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

nvd

CVE-2012-3959CRITICALCVSS 10.0v6.32012-08-29

CVE-2012-3959 [CRITICAL] CWE-416 CVE-2012-3959: Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox bef Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified ve

nvd

CVE-2012-1974CRITICALCVSS 10.0v6.32012-08-29

CVE-2012-1974 [CRITICAL] CWE-416 CVE-2012-1974: Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox befor Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vect

nvd

CVE-2012-3972MEDIUMCVSS 5.0v6.32012-08-29

CVE-2012-3972 [MEDIUM] CWE-200 CVE-2012-3972: The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox E The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

nvd

CVE-2012-3976MEDIUMCVSS 4.3v6.32012-08-29

CVE-2012-3976 [MEDIUM] CWE-200 CVE-2012-3976: Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not proper Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

nvd

CVE-2012-0867MEDIUMCVSS 4.3v6.2.z2012-07-18

CVE-2012-0867 [MEDIUM] CWE-20 CVE-2012-0867: PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

nvd

CVE-2012-1149HIGHCVSS 7.5v6.2.z2012-06-21

CVE-2012-1149 [HIGH] CWE-189 CVE-2012-1149: Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based b

nvd

CVE-2012-2313LOWCVSS 1.2v6.1.zv6.2.z2012-06-13

CVE-2012-2313 [LOW] CWE-264 CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does no The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

nvd

CVE-2012-0247HIGHCVSS 8.8v6.22012-06-05

CVE-2012-0247 [HIGH] CWE-20 CVE-2012-0247: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corrupt ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

nvd

CVE-2012-1798MEDIUMCVSS 6.5v6.22012-06-05

CVE-2012-1798 [MEDIUM] CWE-125 CVE-2012-1798: The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote atta The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

nvd

CVE-2012-0260MEDIUMCVSS 6.5v6.22012-06-05

CVE-2012-0260 [MEDIUM] CWE-400 CVE-2012-0260: The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attacke The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

nvd

CVE-2012-0248MEDIUMCVSS 5.5v6.22012-06-05

CVE-2012-0248 [MEDIUM] CWE-835 CVE-2012-0248: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

nvd

CVE-2012-1703MEDIUMCVSS 6.8v6.3.z2012-05-03

CVE-2012-1703 [MEDIUM] CVE-2012-1703: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

nvd

CVE-2011-3045HIGHCVSS 8.8v6.22012-03-22

CVE-2011-3045 [HIGH] CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

nvd

CVE-2011-3919HIGHCVSS 7.5v6.32012-01-07

CVE-2011-3919 [HIGH] CWE-787 CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote at Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

nvd

CVE-2011-3905MEDIUMCVSS 5.0v6.32011-12-13

CVE-2011-3905 [MEDIUM] CWE-125 CVE-2011-3905: libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of s libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

nvd

CVE-2011-2834MEDIUMCVSS 6.8v6.32011-09-19

CVE-2011-2834 [MEDIUM] CWE-415 CVE-2011-2834: Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

nvd

CVE-2011-1776MEDIUMCVSS 6.1v5.62011-09-06

CVE-2011-1776 [MEDIUM] CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check th The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecti

nvd

← Previous31 / 32Next →