Redhat Enterprise Linux Server Tus vulnerabilities
767 known vulnerabilities affecting redhat/enterprise_linux_server_tus.
Total CVEs
767
CISA KEV
20
actively exploited
Public exploits
60
Exploited in wild
25
Severity breakdown
CRITICAL109HIGH268MEDIUM337LOW53
Vulnerabilities
Page 38 of 39
CVE-2014-1505HIGHCVSS 7.5v6.52014-03-19
CVE-2014-1505 [HIGH] CVE-2014-1505: The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderb
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements
nvd
CVE-2014-1509HIGHCVSS 8.8v6.52014-03-19
CVE-2014-1509 [HIGH] CWE-120 CVE-2014-1509: Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox b
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.
nvd
CVE-2014-1513HIGHCVSS 8.8v6.52014-03-19
CVE-2014-1513 [HIGH] CWE-787 CVE-2014-1513: TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird befor
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted we
nvd
CVE-2014-1497HIGHCVSS 8.8v6.52014-03-19
CVE-2014-1497 [HIGH] CWE-125 CVE-2014-1497: The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x b
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impac
nvd
CVE-2014-0101HIGHCVSS 7.8v6.52014-03-11
CVE-2014-0101 [HIGH] CWE-476 CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does n
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and
nvd
CVE-2014-0069HIGHCVSS 7.2v6.52014-02-28
CVE-2014-0069 [HIGH] CWE-119 CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges
nvd
CVE-2014-1477CRITICALCVSS 9.8v6.52014-02-06
CVE-2014-1477 [CRITICAL] CVE-2014-1477: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox E
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2014-1486CRITICALCVSS 9.8v6.52014-02-06
CVE-2014-1486 [CRITICAL] CWE-416 CVE-2014-1486: Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
nvd
CVE-2014-1479HIGHCVSS 7.5v6.52014-02-06
CVE-2014-1479 [HIGH] CVE-2014-1479: The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
nvd
CVE-2014-1482HIGHCVSS 8.8v6.52014-02-06
CVE-2014-1482 [HIGH] CWE-787 CVE-2014-1482: RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
nvd
CVE-2014-1487HIGHCVSS 7.5v6.52014-02-06
CVE-2014-1487 [HIGH] CWE-346 CVE-2014-1487: The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunder
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
nvd
CVE-2014-1481HIGHCVSS 7.5v6.52014-02-06
CVE-2014-1481 [HIGH] CVE-2014-1481: Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey be
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
nvd
CVE-2013-6425MEDIUMCVSS 5.0v6.52014-01-18
CVE-2013-6425 [MEDIUM] CWE-191 CVE-2013-6425: Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used i
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
nvd
CVE-2014-0402MEDIUMCVSS 4.0v6.52014-01-15
CVE-2014-0402 [MEDIUM] CVE-2014-0402: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
nvd
CVE-2014-0401MEDIUMCVSS 4.0v6.52014-01-15
CVE-2014-0401 [MEDIUM] CVE-2014-0401: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
nvd
CVE-2014-0386MEDIUMCVSS 4.0v6.52014-01-15
CVE-2014-0386 [MEDIUM] CVE-2014-0386: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
nvd
CVE-2014-0412MEDIUMCVSS 4.0v6.52014-01-15
CVE-2014-0412 [MEDIUM] CVE-2014-0412: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
nvd
CVE-2014-0393LOWCVSS 3.3v6.52014-01-15
CVE-2014-0393 [LOW] CVE-2014-0393: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
nvd
CVE-2014-0437LOWCVSS 3.5v6.52014-01-15
CVE-2014-0437 [LOW] CVE-2014-0437: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
nvd
CVE-2013-5908LOWCVSS 2.6v6.52014-01-15
CVE-2013-5908 [LOW] CVE-2013-5908: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
nvd