Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVEadded 2014/03/19 10:55 a.m.113 views

CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appl...

8.8CVSS9.4AI score0.00502EPSS
CVE
CVEadded 2014/04/16 2:55 a.m.113 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1CVSS4.3AI score0.00819EPSS
CVE
CVEadded 2014/09/28 10:55 a.m.113 views

CVE-2014-7145

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

7.8CVSS6.4AI score0.01212EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.113 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00501EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.113 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

4CVSS4.8AI score0.00555EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.113 views

CVE-2016-0596

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

4CVSS5.1AI score0.00595EPSS
CVE
CVEadded 2017/10/27 5:29 a.m.113 views

CVE-2017-5069

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

6.1CVSS6.3AI score0.00522EPSS
CVE
CVEadded 2013/01/17 1:55 a.m.112 views

CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

5.5CVSS3.9AI score0.0035EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.112 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application cras...

9.1CVSS9.1AI score0.00986EPSS
CVE
CVEadded 2014/04/30 10:49 a.m.112 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap ...

9.8CVSS8.3AI score0.03612EPSS
CVE
CVEadded 2015/12/07 8:59 p.m.112 views

CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

7.5CVSS7.5AI score0.01757EPSS
CVE
CVEadded 2015/08/12 2:59 p.m.112 views

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3CVSS6.5AI score0.12372EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.112 views

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5AI score0.0041EPSS
CVE
CVEadded 2017/01/27 10:59 p.m.112 views

CVE-2016-9636

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buff...

9.8CVSS9.2AI score0.1664EPSS
CVE
CVEadded 2017/09/14 6:29 a.m.112 views

CVE-2017-12902

The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

9.8CVSS9.3AI score0.0206EPSS
CVE
CVEadded 2017/09/14 6:29 a.m.112 views

CVE-2017-12987

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

9.8CVSS9.3AI score0.0206EPSS
CVE
CVEadded 2018/09/25 2:29 p.m.112 views

CVE-2018-6050

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS5.5AI score0.00909EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.112 views

CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

9.3CVSS6.5AI score0.01383EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.112 views

CVE-2018-6158

A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.6AI score0.01375EPSS
CVE
CVEadded 2012/08/29 10:56 a.m.111 views

CVE-2012-3972

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trig...

5CVSS8.8AI score0.04549EPSS
CVE
CVEadded 2014/01/15 4:8 p.m.111 views

CVE-2014-0420

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

2.8CVSS5AI score0.00806EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.111 views

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9.4AI score0.02025EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.111 views

CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8CVSS9.5AI score0.04165EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.111 views

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS6.1AI score0.00493EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.111 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS
CVE
CVEadded 2018/08/01 1:29 p.m.111 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS
CVE
CVEadded 2017/07/17 5:29 p.m.111 views

CVE-2017-10978

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

7.5CVSS8.4AI score0.02231EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.111 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.01973EPSS
CVE
CVEadded 2018/05/09 3:29 p.m.111 views

CVE-2018-1089

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, t...

7.5CVSS6.7AI score0.14569EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.111 views

CVE-2018-17470

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

7.4CVSS8.1AI score0.01742EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.111 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

7.5CVSS7.2AI score0.00789EPSS
CVE
CVEadded 2018/09/25 2:29 p.m.111 views

CVE-2018-6045

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00936EPSS
CVE
CVEadded 2018/09/25 2:29 p.m.111 views

CVE-2018-6049

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.

6.5CVSS5.7AI score0.00688EPSS
CVE
CVEadded 2018/11/14 3:29 p.m.111 views

CVE-2018-6064

Type Confusion in the implementation of defineGetter in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.21649EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.111 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS7.1AI score0.0077EPSS
CVE
CVEadded 2013/02/19 11:55 p.m.110 views

CVE-2013-0780

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a de...

9.3CVSS9.4AI score0.02146EPSS
CVE
CVEadded 2014/02/06 5:44 a.m.110 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.110 views

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

3.5CVSS6.1AI score0.00286EPSS
CVE
CVEadded 2015/04/08 6:59 p.m.110 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

4CVSS7.7AI score0.00773EPSS
CVE
CVEadded 2017/12/09 6:29 a.m.110 views

CVE-2017-11213

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized tr...

10CVSS9.3AI score0.11384EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox

9.8CVSS7.6AI score0.00365EPSS
CVE
CVEadded 2018/09/25 2:29 p.m.110 views

CVE-2018-6032

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

6.5CVSS5.7AI score0.00797EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.110 views

CVE-2018-6110

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

5.8CVSS6AI score0.00963EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.110 views

CVE-2018-6170

A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.3AI score0.01655EPSS
CVE
CVEadded 2014/02/06 5:44 a.m.109 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVEadded 2014/04/30 10:49 a.m.109 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of s...

9.8CVSS8.4AI score0.06412EPSS
CVE
CVEadded 2014/04/16 2:55 a.m.109 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

2.6CVSS4.2AI score0.01132EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.109 views

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

3.5CVSS5AI score0.0041EPSS
CVE
CVEadded 2016/07/21 10:14 a.m.109 views

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3CVSS4.6AI score0.03131EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5451

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbi...

4.3CVSS5.7AI score0.00588EPSS
Total number of security vulnerabilities1928