Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.154 views

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firef...

10CVSS9AI score0.02182EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.154 views

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thu...

10CVSS8.9AI score0.02513EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.153 views

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.1AI score0.01068EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.153 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.153 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.0257EPSS
CVE
CVE
added 2018/03/09 3:29 p.m.153 views

CVE-2018-1071

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

5.5CVSS6.2AI score0.00069EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.153 views

CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

7.5CVSS6.7AI score0.29514EPSS
CVE
CVE
added 2012/06/09 12:55 a.m.152 views

CVE-2012-2035

Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allo...

9.3CVSS7.9AI score0.03472EPSS
CVE
CVE
added 2013/03/11 10:55 a.m.152 views

CVE-2013-2555

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK ...

10CVSS7.8AI score0.05981EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.152 views

CVE-2015-4870

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

4CVSS5.1AI score0.19279EPSS
Web
CVE
CVE
added 2017/01/27 10:59 p.m.152 views

CVE-2016-5824

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

5.5CVSS6.6AI score0.00444EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.152 views

CVE-2017-0901

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

7.5CVSS8.4AI score0.18555EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.152 views

CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

8.1CVSS8.2AI score0.04536EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.152 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond t...

7.5CVSS6.2AI score0.23134EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.152 views

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8AI score0.01427EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.152 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.01377EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.152 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.152 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.1CVSS7.8AI score0.01812EPSS
CVE
CVE
added 2018/07/26 5:29 p.m.152 views

CVE-2018-10901

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu ...

7.8CVSS7.5AI score0.00147EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.152 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS6.1AI score0.00606EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.151 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/10/15 4:29 p.m.151 views

CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

8.6CVSS6.7AI score0.16857EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.150 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

1.7CVSS5.2AI score0.01015EPSS
CVE
CVE
added 2018/03/01 10:29 p.m.150 views

CVE-2017-15134

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, th...

7.5CVSS6.8AI score0.017EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.150 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.0164EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.150 views

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affect...

5.4CVSS6.1AI score0.01416EPSS
CVE
CVE
added 2013/02/27 12:55 a.m.149 views

CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SW...

9.3CVSS7.6AI score0.36931EPSS
In wild
CVE
CVE
added 2013/04/19 11:44 a.m.149 views

CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash...

4CVSS5.9AI score0.02637EPSS
CVE
CVE
added 2015/12/06 8:59 p.m.149 views

CVE-2015-3196

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted Ser...

4.3CVSS6.2AI score0.0568EPSS
CVE
CVE
added 2018/07/03 1:29 a.m.149 views

CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or poten...

9.1CVSS7.7AI score0.00386EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.149 views

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.2AI score0.02663EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.149 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00624EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.149 views

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.3AI score0.07258EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.149 views

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.3AI score0.01451EPSS
CVE
CVE
added 2018/03/01 5:29 p.m.149 views

CVE-2018-7550

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

8.8CVSS8.5AI score0.00094EPSS
CVE
CVE
added 2017/01/28 1:59 a.m.148 views

CVE-2017-5204

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

9.8CVSS9.5AI score0.0217EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.148 views

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be...

7.8CVSS7.6AI score0.00319EPSS
CVE
CVE
added 2017/06/06 9:29 p.m.148 views

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

9CVSS8.5AI score0.48699EPSS
CVE
CVE
added 2018/03/07 1:29 p.m.148 views

CVE-2018-1054

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of...

7.5CVSS7.3AI score0.06851EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.147 views

CVE-2005-0337

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

7.5CVSS6.6AI score0.00846EPSS
CVE
CVE
added 2007/06/20 10:30 p.m.147 views

CVE-2007-3304

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

4.7CVSS6.2AI score0.00233EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.147 views

CVE-2017-1000050

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

7.5CVSS7.2AI score0.01605EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.147 views

CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9....

7.5CVSS7.1AI score0.34706EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.147 views

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS7.7AI score0.02314EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.147 views

CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox

8.8CVSS8.5AI score0.01193EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.146 views

CVE-2013-0750

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary cod...

9.3CVSS9.6AI score0.0381EPSS
CVE
CVE
added 2014/07/03 5:55 p.m.146 views

CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

10CVSS6.3AI score0.07117EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.146 views

CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS8AI score0.01098EPSS
CVE
CVE
added 2018/09/10 4:29 p.m.146 views

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix f...

7.8CVSS7.3AI score0.92401EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.146 views

CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird

9.8CVSS9.2AI score0.01646EPSS
Total number of security vulnerabilities1928