Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2013/10/16 5:55 p.m.80 views

CVE-2013-5843

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10CVSS4.3AI score0.04897EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.80 views

CVE-2016-0741

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

7.8CVSS7.1AI score0.02363EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1674

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01011EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1699

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to b...

6.5CVSS6.7AI score0.00575EPSS
Web
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1700

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors relate...

7.5CVSS8.1AI score0.01724EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.80 views

CVE-2016-4150

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.04131EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.80 views

CVE-2016-7857

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2018/08/01 6:29 a.m.80 views

CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

8.1CVSS7.7AI score0.01413EPSS
CVE
CVE
added 2017/12/01 8:29 a.m.80 views

CVE-2017-11281

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

9.8CVSS9.4AI score0.45372EPSS
Web
CVE
CVE
added 2018/08/28 7:29 p.m.80 views

CVE-2017-15409

Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01095EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.80 views

CVE-2017-5036

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

7.8CVSS7.5AI score0.00279EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.80 views

CVE-2017-5039

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

7.8CVSS7.8AI score0.00279EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.80 views

CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

5.7CVSS6AI score0.00044EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.80 views

CVE-2017-5063

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS6.6AI score0.00911EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.79 views

CVE-2004-0883

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returnin...

6.4CVSS7.6AI score0.19542EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.79 views

CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2012/06/21 3:55 p.m.79 views

CVE-2012-2149

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report t...

7.5CVSS6.6AI score0.07926EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.79 views

CVE-2012-3956

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial...

10CVSS9.4AI score0.02314EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.79 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.79 views

CVE-2012-5835

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) v...

10CVSS9.1AI score0.02068EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.79 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

4.9CVSS4.8AI score0.00338EPSS
CVE
CVE
added 2022/09/29 3:15 a.m.79 views

CVE-2014-0144

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges ...

8.6CVSS7.2AI score0.01978EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.79 views

CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

4.3CVSS6AI score0.01566EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.79 views

CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

2.1CVSS5.4AI score0.00073EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.79 views

CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

6.5CVSS6.6AI score0.04867EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.79 views

CVE-2016-1703

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00999EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.79 views

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

8.8CVSS8.7AI score0.05065EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.79 views

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8CVSS8.7AI score0.0283EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.79 views

CVE-2016-4153

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.04131EPSS
CVE
CVE
added 2018/08/28 8:29 p.m.79 views

CVE-2017-15398

A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.

9.8CVSS9AI score0.09047EPSS
CVE
CVE
added 2017/05/09 4:29 p.m.79 views

CVE-2017-3069

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.01969EPSS
CVE
CVE
added 2017/08/11 7:29 p.m.79 views

CVE-2017-3106

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.64588EPSS
Web
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5052

An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

8.8CVSS8.5AI score0.00543EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5057

Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8AI score0.00839EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5067

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incor...

8.8CVSS8.4AI score0.51468EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5103

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

4.3CVSS5AI score0.01156EPSS
CVE
CVE
added 2018/07/09 7:29 p.m.79 views

CVE-2018-5001

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.7AI score0.01364EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.78 views

CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

2.1CVSS7AI score0.00198EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.78 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10CVSS6.2AI score0.11286EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.78 views

CVE-2012-4216

Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS9AI score0.0639EPSS
CVE
CVE
added 2012/12/03 12:49 p.m.78 views

CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

4CVSS5AI score0.03717EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.78 views

CVE-2012-5833

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitr...

9.3CVSS9.1AI score0.02061EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.78 views

CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

9.3CVSS7.8AI score0.0597EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.78 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS
CVE
CVE
added 2014/08/27 12:55 a.m.78 views

CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

4.3CVSS6.5AI score0.09871EPSS
CVE
CVE
added 2014/12/18 3:59 p.m.78 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.11576EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.78 views

CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which a...

7.5CVSS6.2AI score0.01009EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.78 views

CVE-2016-4141

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
Total number of security vulnerabilities1928