Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2015/04/16 4:59 p.m.119 views

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5CVSS4.8AI score0.00555EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.119 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.119 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00501EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.119 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

6.5CVSS6.1AI score0.01559EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.119 views

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thu...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.119 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.119 views

CVE-2018-16078

Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.4AI score0.00472EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.119 views

CVE-2018-17474

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01384EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.119 views

CVE-2018-6062

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.2AI score0.01241EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.119 views

CVE-2018-6096

A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

6.5CVSS6.3AI score0.00963EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.118 views

CVE-2012-1976

Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a den...

10CVSS9.4AI score0.03172EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.118 views

CVE-2013-0775

Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted ...

9.3CVSS9.6AI score0.00914EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.118 views

CVE-2013-0783

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application ...

9.3CVSS9.9AI score0.01206EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.118 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.118 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl...

4.6CVSS5.6AI score0.00075EPSS
Web
CVE
CVE
added 2015/04/08 6:59 p.m.118 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5CVSS7.9AI score0.11428EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.118 views

CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

3.5CVSS4.8AI score0.00501EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.118 views

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

5CVSS6.7AI score0.02195EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.118 views

CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

7.5CVSS7.1AI score0.0226EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.118 views

CVE-2017-5088

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.118 views

CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.1AI score0.01066EPSS
CVE
CVE
added 2018/07/26 3:29 p.m.118 views

CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

6.5CVSS6.7AI score0.00256EPSS
CVE
CVE
added 2018/08/20 9:29 p.m.118 views

CVE-2018-1656

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

7.4CVSS6.7AI score0.02955EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.118 views

CVE-2018-6043

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

8.8CVSS6.2AI score0.01563EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.118 views

CVE-2018-6078

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

4.3CVSS4.8AI score0.00686EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.118 views

CVE-2018-6112

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.01257EPSS
CVE
CVE
added 2019/04/19 2:29 p.m.118 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

7.5CVSS7.6AI score0.01619EPSS
CVE
CVE
added 2013/03/01 12:37 p.m.117 views

CVE-2011-1182

kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.

3.6CVSS6.8AI score0.00059EPSS
CVE
CVE
added 2011/09/06 4:55 p.m.117 views

CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or ob...

6.1CVSS7.2AI score0.00123EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.117 views

CVE-2014-0386

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.117 views

CVE-2014-0401

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

4CVSS7.8AI score0.00501EPSS
CVE
CVE
added 2015/06/15 3:59 p.m.117 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.117 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

7.5CVSS8.1AI score0.00456EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.117 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.117 views

CVE-2016-9811

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

4.7CVSS4.8AI score0.00485EPSS
CVE
CVE
added 2018/08/28 8:29 p.m.117 views

CVE-2017-15396

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.2AI score0.01792EPSS
CVE
CVE
added 2017/11/20 8:29 p.m.117 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into...

5.5CVSS5.4AI score0.01063EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.117 views

CVE-2017-5094

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

6.5CVSS6.4AI score0.00985EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.117 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

6.5CVSS7.1AI score0.00908EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-16082

An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

6.5CVSS6.8AI score0.0051EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.117 views

CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01624EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.117 views

CVE-2018-5144

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird

7.5CVSS7.8AI score0.04415EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.117 views

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird

9.8CVSS9.6AI score0.03014EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.117 views

CVE-2018-6061

A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.6AI score0.01007EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.117 views

CVE-2018-6082

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

4.7CVSS5.2AI score0.00685EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6093

Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00992EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6123

A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.5AI score0.01976EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6133

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS5.8AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6143

Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS5.9AI score0.01107EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6173

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
Total number of security vulnerabilities1928