Redhat Enterprise Linux For Scientific Computing — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Linux For Scientific Computing, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2019-13726 — CVSS 8.8 (high): Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a…
CVE-2021-44142 — CVSS 8.8 (high): The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and…
CVE-2021-3656 — CVSS 8.8 (high): A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine…
CVE-2019-13725 — CVSS 8.8 (high): Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML…
CVE-2019-13727 — CVSS 8.8 (high): Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy…
CVE-2019-13728 — CVSS 8.8 (high): Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-13729 — CVSS 8.8 (high): Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13730 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13732 — CVSS 8.8 (high): Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13735 — CVSS 8.8 (high): Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a…
CVE-2019-13736 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13741 — CVSS 8.8 (high): Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin…
CVE-2023-5869 — CVSS 8.8 (high): A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during…
CVE-2016-2818 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote…
CVE-2019-13747 — CVSS 8.8 (high): Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap…
CVE-2020-25717 — CVSS 8.1 (high): A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible…
CVE-2023-0494 — CVSS 7.8 (high): A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by…
CVE-2022-0330 — CVSS 7.8 (high): A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code…
CVE-2024-0409 — CVSS 7.8 (high): A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the…
CVE-2023-5367 — CVSS 7.8 (high): A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when…
CVE-2016-9675 — CVSS 7.8 (high): openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to…
CVE-2023-3972 — CVSS 7.8 (high): A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of…
CVE-2023-3899 — CVSS 7.8 (high): A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus…
CVE-2018-16881 — CVSS 7.5 (high): A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the…
CVE-2021-4091 — CVSS 7.5 (high): A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series…
CVE-2015-3405 — CVSS 7.5 (high): ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian…
CVE-2020-25719 — CVSS 7.2 (high): A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD…
CVE-2015-3214 — CVSS 6.9 (medium): The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write…
CVE-2019-13738 — CVSS 6.5 (medium): Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via…
CVE-2016-5009 — CVSS 6.5 (medium): The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault…
CVE-2019-13737 — CVSS 6.5 (medium): Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially…
CVE-2019-13739 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via…
CVE-2019-13740 — CVSS 6.5 (medium): Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted…
CVE-2019-13742 — CVSS 6.5 (medium): Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13743 — CVSS 6.5 (medium): Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI…
CVE-2019-13744 — CVSS 6.5 (medium): Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13746 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13748 — CVSS 6.5 (medium): Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially…
CVE-2019-13749 — CVSS 6.5 (medium): Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13750 — CVSS 6.5 (medium): Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures…
CVE-2019-13751 — CVSS 6.5 (medium): Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-13752 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-13753 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-6470 — CVSS 6.5 (medium): There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also…
CVE-2023-5455 — CVSS 6.5 (medium): A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an…
CVE-2016-2124 — CVSS 5.9 (medium): A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent…
CVE-2024-0408 — CVSS 5.5 (medium): A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When…
CVE-2019-7317 — CVSS 5.3 (medium): png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2017-15129 — CVSS 4.7 (medium): A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function…
CVE-2019-13756 — CVSS 4.3 (medium): Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted…
CVE-2019-13755 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a…
CVE-2019-13763 — CVSS 4.3 (medium): Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the…
CVE-2019-13754 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation…
CVE-2019-13761 — CVSS 4.3 (medium): Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN…
CVE-2019-13759 — CVSS 4.3 (medium): Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a…
CVE-2019-13758 — CVSS 4.3 (medium): Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass…
CVE-2019-13757 — CVSS 4.3 (medium): Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN…
CVE-2018-16866 — CVSS 3.3 (low): An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local…
CVE-2019-13762 — CVSS 3.3 (low): Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded…
CVE-2012-1717 — CVSS 2.1 (low): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and…