Redhat » Enterprise Linux Server Eus » 7.4 : Security Vulnerabilities, CVEs,
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Max CVSS
10.0
EPSS Score
0.89%
Published
2016-06-09
Updated
2023-02-12
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Max CVSS
10.0
EPSS Score
0.68%
Published
2016-09-20
Updated
2021-08-04
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Max CVSS
10.0
EPSS Score
0.48%
Published
2018-06-11
Updated
2018-08-01
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Max CVSS
10.0
EPSS Score
1.00%
Published
2018-06-11
Updated
2018-08-01
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Max CVSS
10.0
EPSS Score
1.01%
Published
2018-06-11
Updated
2018-08-01
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Max CVSS
10.0
EPSS Score
0.97%
Published
2018-06-11
Updated
2018-08-01
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Max CVSS
10.0
EPSS Score
0.39%
Published
2017-10-05
Updated
2019-10-03
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Max CVSS
9.9
EPSS Score
0.14%
Published
2018-07-27
Updated
2021-08-04
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
Max CVSS
9.9
EPSS Score
0.15%
Published
2018-07-27
Updated
2021-08-04
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
Max CVSS
9.8
EPSS Score
0.95%
Published
2016-05-16
Updated
2019-12-27
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
Max CVSS
9.8
EPSS Score
1.83%
Published
2017-10-18
Updated
2019-05-10
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
Max CVSS
9.8
EPSS Score
1.37%
Published
2017-10-18
Updated
2019-05-09
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Max CVSS
9.8
EPSS Score
0.62%
Published
2018-06-11
Updated
2018-08-03
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Max CVSS
9.8
EPSS Score
0.88%
Published
2018-06-11
Updated
2018-08-03
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Max CVSS
9.8
EPSS Score
85.18%
Published
2018-06-11
Updated
2018-08-03
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
Max CVSS
9.8
EPSS Score
2.01%
Published
2017-08-31
Updated
2019-10-09
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
Max CVSS
9.8
EPSS Score
13.51%
Published
2017-10-11
Updated
2019-10-09
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Max CVSS
9.8
EPSS Score
0.67%
Published
2018-07-27
Updated
2019-10-09
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Max CVSS
9.8
EPSS Score
0.41%
Published
2018-04-24
Updated
2022-06-07
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Max CVSS
9.8
EPSS Score
0.49%
Published
2018-06-11
Updated
2018-08-02
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Max CVSS
9.8
EPSS Score
0.49%
Published
2018-06-11
Updated
2018-08-02