Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2019/02/12 11:29 p.m.180 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2014/01/31 11:55 p.m.179 views

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

7.5CVSS7.2AI score0.20195EPSS
CVE
CVE
added 2017/09/05 6:29 a.m.179 views

CVE-2017-1000083

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action...

7.8CVSS7.8AI score0.79825EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.179 views

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

5.5CVSS4.9AI score0.00062EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.179 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.00774EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.179 views

CVE-2017-3456

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.179 views

CVE-2017-5402

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbir...

9.8CVSS8.1AI score0.02663EPSS
CVE
CVE
added 2018/12/19 4:29 p.m.179 views

CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

9.8CVSS9.8AI score0.1561EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.179 views

CVE-2018-5159

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS6.9AI score0.33836EPSS
Web
CVE
CVE
added 2017/08/08 3:29 p.m.178 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this ...

8.1CVSS7.8AI score0.00892EPSS
CVE
CVE
added 2018/05/10 3:29 p.m.178 views

CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

5.5CVSS5.7AI score0.00254EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.178 views

CVE-2018-5154

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7AI score0.03014EPSS
CVE
CVE
added 2017/07/21 2:29 p.m.177 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS
CVE
CVE
added 2018/10/31 8:29 p.m.177 views

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

6.5CVSS6.5AI score0.12776EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.177 views

CVE-2017-5378

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR ...

7.5CVSS8.1AI score0.01795EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.177 views

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

7.8CVSS6.6AI score0.0072EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.177 views

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects T...

5.3CVSS6.6AI score0.01011EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

7.5CVSS7.8AI score0.01441EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2017-5396

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9.1AI score0.01695EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.176 views

CVE-2018-12396

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox

6.5CVSS7.2AI score0.00716EPSS
CVE
CVE
added 2018/09/06 2:29 p.m.176 views

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slap...

7.5CVSS6.3AI score0.01478EPSS
CVE
CVE
added 2018/12/03 5:29 p.m.176 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as sh...

9.3CVSS7.5AI score0.92401EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, a...

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.175 views

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

7.2CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.175 views

CVE-2017-5383

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

5.3CVSS6.5AI score0.02444EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.175 views

CVE-2017-5447

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Fire...

9.1CVSS7.9AI score0.17854EPSS
CVE
CVE
added 2018/05/18 4:29 p.m.175 views

CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

7.8CVSS7.7AI score0.00672EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.174 views

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS8.2AI score0.07797EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.174 views

CVE-2017-3291

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure ...

6.3CVSS5.4AI score0.0008EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.174 views

CVE-2017-5376

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9AI score0.02031EPSS
CVE
CVE
added 2018/07/28 11:29 p.m.174 views

CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

6.5CVSS7.3AI score0.01018EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.173 views

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

8.8CVSS8.3AI score0.04205EPSS
CVE
CVE
added 2013/01/25 12:0 p.m.173 views

CVE-2012-5689

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1CVSS7.9AI score0.0381EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.173 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.8AI score0.10156EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.173 views

CVE-2017-5373

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7,...

9.8CVSS9.9AI score0.02031EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.173 views

CVE-2018-5155

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7AI score0.03014EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.172 views

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.171 views

CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

5CVSS6.6AI score0.01988EPSS
CVE
CVE
added 2018/08/01 5:29 p.m.171 views

CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8CVSS7.4AI score0.00318EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.171 views

CVE-2017-5443

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.1AI score0.02016EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.171 views

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

7.8CVSS6.6AI score0.00234EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.171 views

CVE-2019-2996

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

4.2CVSS4.5AI score0.0332EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.171 views

CVE-2020-6400

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01906EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.170 views

CVE-2016-9904

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firef...

7.5CVSS7.5AI score0.01255EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.170 views

CVE-2017-3244

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.5CVSS5.8AI score0.00303EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.170 views

CVE-2018-12379

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This ...

7.8CVSS6AI score0.00098EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.170 views

CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

7.8CVSS6.6AI score0.0072EPSS
CVE
CVE
added 2020/02/27 11:15 p.m.170 views

CVE-2020-6384

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00809EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.169 views

CVE-2017-3243

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes...

4.4CVSS4.5AI score0.01253EPSS
CVE
CVE
added 2018/04/25 9:29 a.m.169 views

CVE-2018-10372

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

5.5CVSS5.9AI score0.00328EPSS
Total number of security vulnerabilities1928