Filtered by vendor Oracle Subscriptions
Filtered by product Linux Subscriptions
Total 225 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5444 4 Ibm, Mariadb, Oracle and 1 more 12 Powerkvm, Mariadb, Linux and 9 more 2024-10-11 N/A
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
CVE-2016-0617 1 Oracle 1 Linux 2024-10-10 N/A
Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 42 Cassandra, Ubuntu Linux, Debian Linux and 39 more 2024-10-09 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2021-2464 1 Oracle 2 Engineered Systems Utilities, Linux 2024-09-25 7.8 High
Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2022-21499 3 Debian, Oracle, Redhat 5 Debian Linux, Linux, Enterprise Linux and 2 more 2024-09-24 6.7 Medium
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2022-21504 1 Oracle 1 Linux 2024-09-24 5.5 Medium
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-21385 1 Oracle 1 Linux 2024-09-23 6.2 Medium
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-22024 1 Oracle 2 Linux, Vm Server 2024-09-13 5.5 Medium
In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2004-2771 4 Bsd Mailx Project, Heirloom, Oracle and 1 more 4 Bsd Mailx, Mailx, Linux and 1 more 2024-08-08 N/A
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVE-2007-6283 4 Centos, Fedoraproject, Oracle and 1 more 9 Centos, Fedora Core, Linux and 6 more 2024-08-07 N/A
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
CVE-2010-5325 3 Linuxfoundation, Oracle, Redhat 8 Foomatic-filters, Linux, Enterprise Linux and 5 more 2024-08-07 N/A
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
CVE-2011-2306 1 Oracle 1 Linux 2024-08-06 N/A
Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated."
CVE-2013-7421 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-08-06 N/A
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
CVE-2013-5704 5 Apache, Apple, Canonical and 2 more 17 Http Server, Mac Os X, Mac Os X Server and 14 more 2024-08-06 N/A
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
CVE-2013-5211 3 Ntp, Opensuse, Oracle 3 Ntp, Opensuse, Linux 2024-08-06 N/A
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
CVE-2013-4312 3 Linux, Oracle, Redhat 4 Linux Kernel, Linux, Enterprise Linux and 1 more 2024-08-06 N/A
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVE-2014-9750 4 Debian, Ntp, Oracle and 1 more 7 Debian Linux, Ntp, Linux and 4 more 2024-08-06 N/A
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2014-9751 6 Apple, Debian, Linux and 3 more 9 Macos, Debian Linux, Linux Kernel and 6 more 2024-08-06 N/A
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVE-2014-9644 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-08-06 N/A
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more 2024-08-06 N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.