Vulnerabilities > Oracle > Linux

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-22024 Unspecified vulnerability in Oracle Linux and VM Server
In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant.
local
low complexity
oracle
5.5
2022-08-29 CVE-2022-21385 Unspecified vulnerability in Oracle Linux
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine.
local
low complexity
oracle
6.2
2022-06-14 CVE-2022-21504 Use After Free vulnerability in Oracle Linux 7/8
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing.
local
low complexity
oracle CWE-416
5.5
2022-06-09 CVE-2022-21499 Out-of-bounds Write vulnerability in multiple products
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
local
low complexity
oracle debian CWE-787
6.7
2022-02-16 CVE-2021-3551 Cleartext Storage of Sensitive Information vulnerability in multiple products
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file.
7.8
2021-09-24 CVE-2021-2464 Unspecified vulnerability in Oracle Engineered Systems Utilities and Linux
Vulnerability in Oracle Linux (component: OSwatcher).
local
low complexity
oracle
7.8
2018-10-09 CVE-2018-17962 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu suse debian canonical redhat oracle CWE-190
7.5
2017-08-07 CVE-2015-7852 Improper Input Validation vulnerability in multiple products
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
network
high complexity
ntp debian netapp oracle redhat CWE-20
5.9
2017-08-07 CVE-2015-7702 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
6.5
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
7.5