Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVEadded 2012/06/09 12:55 a.m.142 views

CVE-2012-2039

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitra...

9.3CVSS7.6AI score0.03866EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2016-9902

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s ...

7.5CVSS7.8AI score0.00411EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-5434

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-5441

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-5445

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

7.5CVSS7.9AI score0.02252EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS7.6AI score0.01031EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.2AI score0.03042EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.142 views

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cl...

7.5CVSS6.7AI score0.01115EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.142 views

CVE-2018-12372

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird

6.5CVSS7.2AI score0.00452EPSS
CVE
CVEadded 2018/02/19 3:29 p.m.142 views

CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packe...

9.8CVSS8.7AI score0.03567EPSS
CVE
CVEadded 2012/06/16 9:55 p.m.141 views

CVE-2012-1717

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

2.1CVSS7.6AI score0.00155EPSS
CVE
CVEadded 2014/01/15 4:8 p.m.141 views

CVE-2014-0412

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS7.6AI score0.00493EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.141 views

CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.23668EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.141 views

CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

9.1CVSS7.9AI score0.23645EPSS
Web
CVE
CVEadded 2018/06/11 9:29 p.m.141 views

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.10902EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.141 views

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and ...

5.3CVSS6.5AI score0.01355EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.141 views

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thu...

10CVSS8.9AI score0.02508EPSS
CVE
CVEadded 2009/08/27 5:30 p.m.140 views

CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

7.8CVSS7.1AI score0.21801EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.140 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.140 views

CVE-2017-5405

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.4AI score0.02352EPSS
CVE
CVEadded 2018/03/23 9:29 p.m.140 views

CVE-2018-1000140

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se...

9.8CVSS9.7AI score0.43633EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.140 views

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firef...

8.6CVSS9.2AI score0.02394EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.139 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00555EPSS
CVE
CVEadded 2015/10/22 12:0 a.m.139 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

3.5CVSS5.2AI score0.00508EPSS
CVE
CVEadded 2017/08/07 8:29 p.m.139 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

5.9CVSS7.1AI score0.03535EPSS
CVE
CVEadded 2016/05/11 9:59 p.m.139 views

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

8.8CVSS8.7AI score0.00086EPSS
CVE
CVEadded 2018/07/27 9:29 p.m.139 views

CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw ...

9.9CVSS8AI score0.01523EPSS
CVE
CVEadded 2017/08/08 3:29 p.m.139 views

CVE-2017-10111

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to com...

9.6CVSS9AI score0.0126EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.139 views

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and F...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.139 views

CVE-2017-7784

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.06834EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.139 views

CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

8.1CVSS7.8AI score0.0082EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.139 views

CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8CVSS8.8AI score0.19891EPSS
CVE
CVEadded 2020/02/13 4:15 p.m.139 views

CVE-2020-3757

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.05414EPSS
CVE
CVEadded 2015/01/09 9:59 p.m.138 views

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1CVSS4.9AI score0.00045EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.138 views

CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

4.3CVSS5.4AI score0.21326EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.138 views

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

10CVSS9AI score0.02462EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.138 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information dis...

6.5CVSS6.7AI score0.01101EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.138 views

CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02485EPSS
CVE
CVEadded 2018/09/05 6:29 p.m.138 views

CVE-2018-16541

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

5.5CVSS6.2AI score0.00454EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.138 views

CVE-2018-6124

Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.02059EPSS
CVE
CVEadded 2020/02/08 7:15 p.m.137 views

CVE-2012-4512

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

8.8CVSS8AI score0.09042EPSS
CVE
CVEadded 2013/02/08 7:55 p.m.137 views

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.7AI score0.0143EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.137 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0441EPSS
CVE
CVEadded 2017/08/09 4:29 p.m.137 views

CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 ...

7.5CVSS7.2AI score0.06205EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.137 views

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/01/18 2:29 a.m.137 views

CVE-2018-2638

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful att...

8.3CVSS8AI score0.00936EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.137 views

CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox

8.8CVSS9.2AI score0.18402EPSS
CVE
CVEadded 2013/01/13 8:55 p.m.136 views

CVE-2013-0754

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to exec...

9.3CVSS9.4AI score0.0283EPSS
CVE
CVEadded 2015/07/16 10:59 a.m.136 views

CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

4CVSS4.6AI score0.00679EPSS
CVE
CVEadded 2016/03/24 1:59 a.m.136 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS
Total number of security vulnerabilities1928