Every CVE whose affected-product data names Oracle Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-0235 — CVSS 10.0 (critical): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows…
CVE-2016-5408 — CVSS 9.8 (critical): Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat…
CVE-2016-5118 — CVSS 9.8 (critical): The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a |…
CVE-2016-5254 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2016-1908 — CVSS 9.8 (critical): The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for…
CVE-2010-5325 — CVSS 9.8 (critical): Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a…
CVE-2015-8391 — CVSS 9.8 (critical): The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a…
CVE-2015-8386 — CVSS 9.8 (critical): PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to…
CVE-2015-4643 — CVSS 9.8 (critical): Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows…
CVE-2016-2182 — CVSS 9.8 (critical): The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote…
CVE-2016-1962 — CVSS 9.8 (critical): Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2015-8668 — CVSS 9.8 (critical): Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote…
CVE-2016-1930 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote…
CVE-2016-2177 — CVSS 9.8 (critical): OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a…
CVE-2016-3587 — CVSS 9.6 (critical): Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity…
CVE-2016-3606 — CVSS 9.6 (critical): Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality…
CVE-2016-3598 — CVSS 9.6 (critical): Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity…
CVE-2016-3610 — CVSS 9.6 (critical): Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity…
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2015-7512 — CVSS 9.0 (critical): Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to…
CVE-2016-2802 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2795 — CVSS 8.8 (high): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2790 — CVSS 8.8 (high): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2791 — CVSS 8.8 (high): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-2792 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2793 — CVSS 8.8 (high): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers…
CVE-2016-2794 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-5264 — CVSS 8.8 (high): Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR…
CVE-2016-5263 — CVSS 8.8 (high): The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display…
CVE-2016-5259 — CVSS 8.8 (high): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-5258 — CVSS 8.8 (high): Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote…
CVE-2016-5252 — CVSS 8.8 (high): Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-4051 — CVSS 8.8 (high): Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of…
CVE-2016-3710 — CVSS 8.8 (high): The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to…
CVE-2016-1977 — CVSS 8.8 (high): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2801 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2800 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2799 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-1935 — CVSS 8.8 (high): Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to…
CVE-2016-1950 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in…
CVE-2016-1952 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote…
CVE-2016-1954 — CVSS 8.8 (high): The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7…
CVE-2016-2798 — CVSS 8.8 (high): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2797 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-1960 — CVSS 8.8 (high): Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1961 — CVSS 8.8 (high): Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and…
CVE-2016-1964 — CVSS 8.8 (high): Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote…
CVE-2016-2796 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before…
CVE-2016-1966 — CVSS 8.8 (high): The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1973 — CVSS 8.8 (high): Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers…
CVE-2016-1974 — CVSS 8.8 (high): The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory…
CVE-2016-4554 — CVSS 8.6 (high): mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct…
CVE-2016-6250 — CVSS 8.6 (high): Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash)…
CVE-2015-1779 — CVSS 8.6 (high): The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1)…
CVE-2016-4553 — CVSS 8.6 (high): client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which…
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2016-5388 — CVSS 8.1 (high): Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does…
CVE-2016-4054 — CVSS 8.1 (high): Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side…
CVE-2016-1714 — CVSS 8.1 (high): The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration…
CVE-2016-3477 — CVSS 8.1 (high): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x…
CVE-2016-0778 — CVSS 8.1 (high): The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when…
CVE-2016-5385 — CVSS 8.1 (high): PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from…
CVE-2016-5386 — CVSS 8.1 (high): The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not…
CVE-2021-3551 — CVSS 7.8 (high): A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log…
CVE-2016-4805 — CVSS 7.8 (high): Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of…
CVE-2016-2143 — CVSS 7.8 (high): The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local…
CVE-2016-4997 — CVSS 7.8 (high): The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before…
CVE-2016-5126 — CVSS 7.8 (high): Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of…
CVE-2015-3812 — CVSS 7.8 (high): Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before…
CVE-2021-2464 — CVSS 7.8 (high): Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability…
CVE-2016-4951 — CVSS 7.8 (high): The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local…
CVE-2016-4913 — CVSS 7.8 (high): The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries…
CVE-2015-2328 — CVSS 7.5 (high): PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to…
CVE-2016-4809 — CVSS 7.5 (high): The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers…
CVE-2016-4556 — CVSS 7.5 (high): Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service…
CVE-2016-4555 — CVSS 7.5 (high): client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via…
CVE-2014-3673 — CVSS 7.5 (high): The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a…
CVE-2015-5219 — CVSS 7.5 (high): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
CVE-2004-2771 — CVSS 7.5 (high): The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute…
CVE-2016-5418 — CVSS 7.5 (high): The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote…
CVE-2015-7691 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7692 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7701 — CVSS 7.5 (high): Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a…
CVE-2015-7703 — CVSS 7.5 (high): The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote…
CVE-2015-8126 — CVSS 7.5 (high): Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54…
CVE-2015-8385 — CVSS 7.5 (high): PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote…
CVE-2015-8388 — CVSS 7.5 (high): PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows…
CVE-2016-6302 — CVSS 7.5 (high): The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket…
CVE-2016-2776 — CVSS 7.5 (high): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct…
CVE-2016-2181 — CVSS 7.5 (high): The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a…
CVE-2016-2180 — CVSS 7.5 (high): The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in…
CVE-2016-7039 — CVSS 7.5 (high): The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or…
CVE-2016-2179 — CVSS 7.5 (high): The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused…
CVE-2015-1351 — CVSS 7.5 (high): Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7…
CVE-2018-17962 — CVSS 7.5 (high): Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2014-3687 — CVSS 7.5 (high): The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows…
CVE-2015-3276 — CVSS 7.5 (high): The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher…
CVE-2015-3329 — CVSS 7.5 (high): Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and…
CVE-2016-0546 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2014-1737 — CVSS 7.2 (high): The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during…
CVE-2015-4819 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality…
CVE-2014-2706 — CVSS 7.1 (high): Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system…
CVE-2016-4998 — CVSS 7.1 (high): The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a…
CVE-2015-3330 — CVSS 6.8 (medium): The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the…
CVE-2016-0505 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2014-9751 — CVSS 6.8 (medium): The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a…
CVE-2022-21505 — CVSS 6.7 (medium): In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine…
CVE-2022-21499 — CVSS 6.7 (medium): KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a…
CVE-2015-8896 — CVSS 6.5 (medium): Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application…
CVE-2014-0207 — CVSS 6.5 (medium): The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before…
CVE-2014-3480 — CVSS 6.5 (medium): The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14…
CVE-2016-5404 — CVSS 6.5 (medium): The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to…
CVE-2015-7702 — CVSS 6.5 (medium): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2016-5844 — CVSS 6.5 (medium): Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via…
CVE-2016-0777 — CVSS 6.5 (medium): The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain…
CVE-2016-3521 — CVSS 6.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x…
CVE-2015-8631 — CVSS 6.5 (medium): Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow…
CVE-2014-8566 — CVSS 6.4 (medium): The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation…
CVE-2016-2837 — CVSS 6.3 (medium): Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox…
CVE-2022-21385 — CVSS 6.2 (medium): A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2…
CVE-2013-4312 — CVSS 6.2 (medium): The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by…
CVE-2016-5262 — CVSS 6.1 (medium): Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a…
CVE-2016-0640 — CVSS 6.1 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2016-2047 — CVSS 5.9 (medium): The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10…
CVE-2015-7977 — CVSS 5.9 (medium): ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a…
CVE-2015-7852 — CVSS 5.9 (medium): ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6…
CVE-2016-0695 — CVSS 5.9 (medium): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to…
CVE-2014-9750 — CVSS 5.8 (medium): ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive…
CVE-2011-2306 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown…
CVE-2014-0203 — CVSS 5.5 (medium): The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during…
CVE-2014-3647 — CVSS 5.5 (medium): arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS…
CVE-2014-8559 — CVSS 5.5 (medium): The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows…
CVE-2015-8922 — CVSS 5.5 (medium): The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of…
CVE-2016-0617 — CVSS 5.5 (medium): Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.
CVE-2016-0644 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2016-0646 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2016-0647 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x…
CVE-2016-0648 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x…
CVE-2016-0649 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2016-0650 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2016-0666 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x…
CVE-2016-2178 — CVSS 5.5 (medium): The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2016-4581 — CVSS 5.5 (medium): fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount…
CVE-2016-5265 — CVSS 5.5 (medium): Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and…
CVE-2016-5403 — CVSS 5.5 (medium): The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory…
CVE-2016-6197 — CVSS 5.5 (medium): fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry…
CVE-2016-6198 — CVSS 5.5 (medium): The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a…
CVE-2016-7166 — CVSS 5.5 (medium): libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service…
CVE-2022-21504 — CVSS 5.5 (medium): The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file…
CVE-2023-22024 — CVSS 5.5 (medium): In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that…
CVE-2015-8629 — CVSS 5.3 (medium): The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does…
CVE-2015-3195 — CVSS 5.3 (medium): The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and…
CVE-2016-3500 — CVSS 5.3 (medium): Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to…
CVE-2016-3615 — CVSS 5.3 (medium): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x…
CVE-2016-3508 — CVSS 5.3 (medium): Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to…
CVE-2016-2518 — CVSS 5.3 (medium): The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference…
CVE-2016-0641 — CVSS 5.1 (medium): Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x…
CVE-2015-4024 — CVSS 5.0 (medium): Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25…
CVE-2015-3811 — CVSS 5.0 (medium): epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to…
CVE-2015-0564 — CVSS 5.0 (medium): Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x…
CVE-2015-1819 — CVSS 5.0 (medium): The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML…
CVE-2015-2189 — CVSS 5.0 (medium): Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x…
CVE-2015-2188 — CVSS 5.0 (medium): epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize…
CVE-2015-8000 — CVSS 5.0 (medium): db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE…
CVE-2014-3581 — CVSS 5.0 (medium): The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows…
CVE-2013-5704 — CVSS 5.0 (medium): The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a…
CVE-2015-0253 — CVSS 5.0 (medium): The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member…
CVE-2015-0272 — CVSS 5.0 (medium): GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6…
CVE-2013-5211 — CVSS 5.0 (medium): The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic…
CVE-2014-3144 — CVSS 4.9 (medium): The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the…
CVE-2016-5440 — CVSS 4.9 (medium): Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x…
CVE-2007-6283 — CVSS 4.9 (medium): Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to…
CVE-2014-3145 — CVSS 4.9 (medium): The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3…
CVE-2015-0275 — CVSS 4.9 (medium): The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via…
CVE-2025-4598 — CVSS 4.7 (medium): A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID…
CVE-2014-2678 — CVSS 4.7 (medium): The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL…
CVE-2015-4879 — CVSS 4.6 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect…
CVE-2015-0239 — CVSS 4.4 (medium): The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization…
CVE-2026-35233 — CVSS 4.4 (medium): An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When…
CVE-2015-6243 — CVSS 4.3 (medium): The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which…
CVE-2016-3550 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect…
CVE-2015-6248 — CVSS 4.3 (medium): The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the…
CVE-2015-6246 — CVSS 4.3 (medium): The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7…
CVE-2015-6245 — CVSS 4.3 (medium): epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which…
CVE-2015-6244 — CVSS 4.3 (medium): The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7…
CVE-2016-3458 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity…
CVE-2014-3487 — CVSS 4.3 (medium): The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14…
CVE-2014-3479 — CVSS 4.3 (medium): The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before…
CVE-2016-1965 — CVSS 4.3 (medium): Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which…
CVE-2016-1958 — CVSS 4.3 (medium): browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the…