Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Linux
Total 225 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5262 2 Mozilla, Oracle 2 Firefox, Linux 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2016-4470 4 Linux, Novell, Oracle and 1 more 14 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 11 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-5252 2 Mozilla, Oracle 2 Firefox, Linux 2025-04-12 6.8 MEDIUM 8.8 HIGH
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
CVE-2016-0505 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 6.8 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
CVE-2016-0609 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 1.7 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
CVE-2016-3550 1 Oracle 3 Jdk, Jre, Linux 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
CVE-2016-1958 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Linux 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
CVE-2016-0646 6 Debian, Ibm, Mariadb and 3 more 7 Debian Linux, Powerkvm, Mariadb and 4 more 2025-04-12 4.0 MEDIUM 5.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
CVE-2016-5403 5 Canonical, Debian, Oracle and 2 more 13 Ubuntu Linux, Debian Linux, Linux and 10 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-5259 2 Mozilla, Oracle 2 Firefox, Linux 2025-04-12 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
CVE-2014-0207 5 Christos Zoulas, Debian, Opensuse and 2 more 5 File, Debian Linux, Opensuse and 2 more 2025-04-12 4.3 MEDIUM N/A
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
CVE-2016-6197 2 Linux, Oracle 3 Linux Kernel, Linux, Vm Server 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
CVE-2013-5704 5 Apache, Apple, Canonical and 2 more 16 Http Server, Mac Os X, Mac Os X Server and 13 more 2025-04-12 5.0 MEDIUM N/A
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
CVE-2016-4553 3 Canonical, Oracle, Squid-cache 3 Ubuntu Linux, Linux, Squid 2025-04-12 5.0 MEDIUM 8.6 HIGH
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4809 3 Libarchive, Oracle, Redhat 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
CVE-2011-2306 1 Oracle 1 Linux 2025-04-11 5.5 MEDIUM N/A
Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated."
CVE-2013-5211 3 Ntp, Opensuse, Oracle 3 Ntp, Opensuse, Linux 2025-04-11 5.0 MEDIUM N/A
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
CVE-2007-6283 4 Centos, Fedoraproject, Oracle and 1 more 9 Centos, Fedora Core, Linux and 6 more 2025-04-09 4.9 MEDIUM N/A
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
CVE-2023-22024 1 Oracle 2 Linux, Vm Server 2024-11-21 N/A 5.5 MEDIUM
In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-21504 1 Oracle 1 Linux 2024-11-21 2.1 LOW 5.5 MEDIUM
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).