Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVEadded 2005/03/14 5:0 a.m.61 views

CVE-2005-0472

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

5CVSS6.3AI score0.08201EPSS
CVE
CVEadded 2005/06/14 4:0 a.m.61 views

CVE-2005-1760

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

7.5CVSS6.6AI score0.00542EPSS
CVE
CVEadded 2008/08/08 7:41 p.m.61 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS
CVE
CVEadded 2012/10/09 11:55 p.m.61 views

CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

2.1CVSS6AI score0.00039EPSS
CVE
CVEadded 2016/06/16 2:59 p.m.61 views

CVE-2016-4139

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVEadded 2017/04/11 6:59 p.m.61 views

CVE-2016-4444

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

7CVSS6.9AI score0.0007EPSS
CVE
CVEadded 2018/08/29 1:29 p.m.61 views

CVE-2018-12826

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.9AI score0.02143EPSS
CVE
CVEadded 2018/08/29 1:29 p.m.61 views

CVE-2018-12828

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.1AI score0.17319EPSS
CVE
CVEadded 2005/02/09 5:0 a.m.60 views

CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

6.8CVSS5.9AI score0.00386EPSS
CVE
CVEadded 2008/05/08 12:20 a.m.60 views

CVE-2008-1615

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.

4.9CVSS7.1AI score0.00062EPSS
CVE
CVEadded 2008/06/30 9:41 p.m.60 views

CVE-2008-2365

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between ut...

4.7CVSS4.9AI score0.01283EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.60 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.59 views

CVE-2004-1068

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

6.2CVSS7.3AI score0.00061EPSS
CVE
CVEadded 2005/04/14 4:0 a.m.59 views

CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

2.1CVSS6.3AI score0.00058EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.59 views

CVE-2005-0086

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.

7.5CVSS8.2AI score0.00907EPSS
CVE
CVEadded 2006/02/21 7:0 p.m.59 views

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

2.6CVSS6.2AI score0.02059EPSS
CVE
CVEadded 2010/01/27 5:30 p.m.59 views

CVE-2009-4272

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash ch...

7.8CVSS6.9AI score0.0181EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.59 views

CVE-2014-0148

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user abl...

5.5CVSS6.5AI score0.00061EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.58 views

CVE-2005-0090

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

2.1CVSS6AI score0.00058EPSS
CVE
CVEadded 2012/08/29 10:56 a.m.58 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS
CVE
CVEadded 2013/05/16 11:45 a.m.58 views

CVE-2013-2728

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS
CVE
CVEadded 2013/05/16 11:45 a.m.58 views

CVE-2013-3332

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS
CVE
CVEadded 2015/10/09 2:59 p.m.58 views

CVE-2015-5234

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

6.8CVSS6.8AI score0.0092EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.58 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00847EPSS
CVE
CVEadded 2004/11/23 5:0 a.m.57 views

CVE-2004-0494

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.

7.5CVSS6.3AI score0.00855EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.57 views

CVE-2004-0607

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

10CVSS6.2AI score0.03036EPSS
CVE
CVEadded 2006/10/05 4:4 a.m.57 views

CVE-2006-5158

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

7.5CVSS7.1AI score0.03256EPSS
CVE
CVEadded 2019/11/20 3:15 p.m.57 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

5.5CVSS5.4AI score0.00026EPSS
CVE
CVEadded 2013/05/21 6:55 p.m.57 views

CVE-2012-6137

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

4.3CVSS7.1AI score0.0025EPSS
CVE
CVEadded 2004/09/24 4:0 a.m.56 views

CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

4.6CVSS6.8AI score0.05741EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.56 views

CVE-2005-0078

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

4.6CVSS6AI score0.00077EPSS
CVE
CVEadded 2015/10/09 2:59 p.m.56 views

CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

4.3CVSS6.5AI score0.00938EPSS
CVE
CVEadded 2018/06/22 1:29 p.m.56 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

6.5CVSS6.1AI score0.10986EPSS
CVE
CVEadded 2005/05/04 4:0 a.m.55 views

CVE-2005-1194

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

4.6CVSS7.5AI score0.16447EPSS
CVE
CVEadded 2008/02/05 12:0 a.m.55 views

CVE-2007-4130

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.

7.2CVSS5.7AI score0.00045EPSS
CVE
CVEadded 2010/05/12 11:46 a.m.55 views

CVE-2010-0730

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.

2.6CVSS6.8AI score0.01478EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.55 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS
CVE
CVEadded 2014/05/02 2:55 p.m.55 views

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

2.1CVSS6.2AI score0.00074EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.55 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.54 views

CVE-2004-1139

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.06148EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.54 views

CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1CVSS6AI score0.00074EPSS
CVE
CVEadded 2005/12/22 11:3 a.m.54 views

CVE-2005-3631

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

4.6CVSS5.9AI score0.00052EPSS
CVE
CVEadded 2006/07/27 10:4 p.m.54 views

CVE-2006-2933

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.

4.6CVSS6.4AI score0.00081EPSS
CVE
CVEadded 2007/06/26 6:30 p.m.54 views

CVE-2007-0773

The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

4.6CVSS7AI score0.0012EPSS
CVE
CVEadded 2013/12/27 1:55 a.m.54 views

CVE-2011-2519

Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.

5.5CVSS6.8AI score0.00137EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS
CVE
CVEadded 2013/05/16 11:45 a.m.54 views

CVE-2013-3327

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS
CVE
CVEadded 2013/05/16 11:45 a.m.54 views

CVE-2013-3330

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.53 views

CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2CVSS7.4AI score0.00052EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.53 views

CVE-2004-1142

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

5CVSS6.2AI score0.08831EPSS
Total number of security vulnerabilities1928