Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2019/01/09 7:29 p.m.118 views

CVE-2018-6133

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS5.8AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.118 views

CVE-2018-6143

Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS5.9AI score0.01107EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.118 views

CVE-2018-6173

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.117 views

CVE-2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

4.3CVSS6.2AI score0.01866EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.117 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

6.1CVSS6.9AI score0.00865EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.117 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00439EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.117 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

5.3CVSS5.5AI score0.00681EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.117 views

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5AI score0.0041EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.117 views

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

7.5CVSS8.2AI score0.02142EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6165

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6175

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6178

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.

4.3CVSS5.1AI score0.00497EPSS
CVE
CVE
added 2009/08/18 9:0 p.m.116 views

CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_C...

5.9CVSS6.2AI score0.00089EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.116 views

CVE-2012-3959

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of...

10CVSS9.5AI score0.0352EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.116 views

CVE-2012-3991

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have uns...

9.3CVSS9.4AI score0.01419EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.116 views

CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.6AI score0.55611EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.116 views

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote ...

4.3CVSS7.8AI score0.01708EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.116 views

CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

5.5CVSS3.9AI score0.0035EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.116 views

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory co...

7.2CVSS6.5AI score0.00049EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.116 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.116 views

CVE-2014-7145

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

7.8CVSS6.4AI score0.01212EPSS
CVE
CVE
added 2016/04/08 3:59 p.m.116 views

CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

7.5CVSS7.2AI score0.01EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.116 views

CVE-2017-5069

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

6.1CVSS6.3AI score0.00522EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.116 views

CVE-2017-5089

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2018/04/23 8:29 p.m.116 views

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

5.5CVSS5.2AI score0.0003EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.116 views

CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.19891EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.116 views

CVE-2018-6050

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS5.5AI score0.00909EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.116 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS7.1AI score0.0077EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.116 views

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00992EPSS
CVE
CVE
added 2011/02/18 8:0 p.m.115 views

CVE-2010-4649

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

6.9CVSS6.6AI score0.00069EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.115 views

CVE-2012-4185

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor...

9.3CVSS9.6AI score0.05225EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.115 views

CVE-2014-0420

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

2.8CVSS5AI score0.00701EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.115 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for...

9.3CVSS7.9AI score0.00906EPSS
CVE
CVE
added 2015/01/21 3:28 p.m.115 views

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

3.5CVSS6.1AI score0.00478EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.115 views

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS6.1AI score0.00353EPSS
CVE
CVE
added 2015/08/12 2:59 p.m.115 views

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3CVSS6.5AI score0.10855EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.115 views

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

3.5CVSS5AI score0.0041EPSS
CVE
CVE
added 2016/07/21 10:14 a.m.115 views

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3CVSS4.6AI score0.03131EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

7.4CVSS7.3AI score0.00217EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.

6.1CVSS6.4AI score0.0034EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.115 views

CVE-2018-6045

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00936EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.115 views

CVE-2018-6049

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.

6.5CVSS5.7AI score0.00688EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6110

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

5.8CVSS6AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6127

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6139

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

8.8CVSS6.5AI score0.01007EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8AI score0.01655EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6163

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.115 views

CVE-2018-6167

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2012/06/21 3:55 p.m.114 views

CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a ...

7.5CVSS7AI score0.0271EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.114 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

4.3CVSS9AI score0.0084EPSS
Total number of security vulnerabilities1928