Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2017/02/16 11:59 a.m.86 views

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.86 views

CVE-2018-7727

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

6.5CVSS4.7AI score0.00094EPSS
CVE
CVE
added 2005/03/08 5:0 a.m.85 views

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys,...

5.6CVSS5.4AI score0.00143EPSS
CVE
CVE
added 2008/08/08 6:41 p.m.85 views

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obt...

2.1CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.85 views

CVE-2016-1696

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00981EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.85 views

CVE-2016-7859

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.85 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

6.5CVSS6.3AI score0.00748EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.85 views

CVE-2017-15423

Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

5.3CVSS5.7AI score0.00599EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.85 views

CVE-2017-5077

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS
CVE
CVE
added 2018/07/26 1:29 p.m.85 views

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

7.5CVSS7.3AI score0.00079EPSS
CVE
CVE
added 2005/01/27 5:0 a.m.84 views

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

10CVSS7.3AI score0.04443EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.84 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS
CVE
CVE
added 2008/08/27 8:41 p.m.84 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.84 views

CVE-2012-3968

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a frag...

10CVSS9.2AI score0.01852EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of serv...

9.3CVSS9.4AI score0.04752EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.84 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

4.9CVSS4.8AI score0.00338EPSS
CVE
CVE
added 2022/09/29 3:15 a.m.84 views

CVE-2014-0144

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges ...

8.6CVSS7.2AI score0.01978EPSS
CVE
CVE
added 2014/11/07 7:55 p.m.84 views

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2016/05/24 3:59 p.m.84 views

CVE-2016-0264

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unsp...

6.8CVSS7.2AI score0.09841EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.84 views

CVE-2016-1680

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

8.8CVSS8.7AI score0.01532EPSS
CVE
CVE
added 2017/12/09 6:29 a.m.84 views

CVE-2017-11215

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code ...

10CVSS9.2AI score0.05822EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.84 views

CVE-2017-15417

Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

5.3CVSS5.4AI score0.00618EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.84 views

CVE-2017-15418

Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

4.3CVSS4.9AI score0.00659EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.84 views

CVE-2017-5066

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.

6.5CVSS6.4AI score0.00177EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.84 views

CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

4.3CVSS4.9AI score0.00708EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.84 views

CVE-2017-5113

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01265EPSS
CVE
CVE
added 2017/08/22 6:29 p.m.84 views

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

8.8CVSS7.6AI score0.01645EPSS
CVE
CVE
added 2017/02/16 11:59 a.m.84 views

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.83 views

CVE-2002-2185

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from ...

4.9CVSS4.5AI score0.00377EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.83 views

CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of servi...

7.2CVSS7.5AI score0.0007EPSS
CVE
CVE
added 2007/03/06 8:19 p.m.83 views

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5CVSS7.3AI score0.09983EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.83 views

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

8.5CVSS7.7AI score0.07488EPSS
CVE
CVE
added 2008/05/08 12:20 a.m.83 views

CVE-2007-6282

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

7.1CVSS7AI score0.02449EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.83 views

CVE-2009-1837

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for me...

9.3CVSS7.9AI score0.02184EPSS
CVE
CVE
added 2013/02/08 8:55 p.m.83 views

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...

6.8CVSS7.5AI score0.2022EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.83 views

CVE-2013-5843

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10CVSS4.3AI score0.04897EPSS
CVE
CVE
added 2017/03/15 7:59 p.m.83 views

CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

6.5CVSS6.3AI score0.00228EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.83 views

CVE-2016-1674

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01011EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.83 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
CVE
CVE
added 2018/08/28 8:29 p.m.83 views

CVE-2017-15398

A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.

9.8CVSS9AI score0.09047EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.83 views

CVE-2017-15416

Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.

6.5CVSS7.2AI score0.0057EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.83 views

CVE-2017-5036

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

7.8CVSS7.5AI score0.00279EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.83 views

CVE-2017-5039

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

7.8CVSS7.8AI score0.00279EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.83 views

CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

5.7CVSS6AI score0.00044EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.83 views

CVE-2017-5063

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS6.6AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.83 views

CVE-2017-5091

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.01098EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.83 views

CVE-2017-5100

A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.2AI score0.01098EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.83 views

CVE-2017-5114

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.3AI score0.01484EPSS
CVE
CVE
added 2017/02/09 3:59 p.m.83 views

CVE-2017-5848

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

7.5CVSS7AI score0.05482EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.83 views

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

6.5CVSS6.3AI score0.01269EPSS
Total number of security vulnerabilities1928