Lucene search

K
RedhatEnterprise Linux Desktop

282 matches found

CVE
CVE
added 2019/02/19 5:29 p.m.224 views

CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS6AI score0.01655EPSS
CVE
CVE
added 2019/02/04 6:29 p.m.223 views

CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

7.5CVSS7.4AI score0.00272EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.223 views

CVE-2019-8535

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.02231EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.222 views

CVE-2019-13738

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.

6.5CVSS6.2AI score0.00889EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.222 views

CVE-2019-13762

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.

3.3CVSS4.8AI score0.00032EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.222 views

CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5CVSS6.2AI score0.00102EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.221 views

CVE-2019-13740

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00973EPSS
CVE
CVE
added 2019/07/31 10:15 p.m.220 views

CVE-2019-10182

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

8.2CVSS7AI score0.01428EPSS
CVE
CVE
added 2019/12/24 5:15 p.m.220 views

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5CVSS7.8AI score0.12247EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.219 views

CVE-2019-8536

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01589EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.218 views

CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.03148EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.218 views

CVE-2019-13744

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.02568EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.218 views

CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

5.5CVSS5.4AI score0.00131EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.217 views

CVE-2019-8688

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.04267EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.216 views

CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.01281EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.215 views

CVE-2019-8669

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.5AI score0.03566EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.215 views

CVE-2019-8684

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.03566EPSS
CVE
CVE
added 2019/01/03 1:29 p.m.214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.214 views

CVE-2019-5774

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

8.8CVSS6.9AI score0.00917EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.214 views

CVE-2019-5781

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.213 views

CVE-2018-18498

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox &lt...

9.8CVSS7.4AI score0.02443EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.213 views

CVE-2019-13758

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.01003EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.212 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.03282EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.212 views

CVE-2019-13735

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.06077EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.208 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderb...

6.5CVSS7AI score0.01337EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.208 views

CVE-2019-5761

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01251EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.206 views

CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01655EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.204 views

CVE-2019-5762

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS6.9AI score0.02538EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.201 views

CVE-2019-5764

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01527EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.201 views

CVE-2019-5772

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.197 views

CVE-2019-5771

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS6.7AI score0.01526EPSS
CVE
CVE
added 2019/02/04 9:29 p.m.196 views

CVE-2019-1000019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to b...

6.5CVSS7AI score0.01059EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.195 views

CVE-2018-6126

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS6.8AI score0.32892EPSS
CVE
CVE
added 2019/02/04 9:29 p.m.194 views

CVE-2019-1000020

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS b...

6.5CVSS7AI score0.01265EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.187 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

9.8CVSS7.2AI score0.05334EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.186 views

CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

6.5CVSS5.8AI score0.00488EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.179 views

CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

7.8CVSS5.7AI score0.00031EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.176 views

CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b...

7.5CVSS6.4AI score0.35731EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.174 views

CVE-2018-12390

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

9.8CVSS8.3AI score0.06392EPSS
CVE
CVE
added 2019/02/12 11:29 p.m.173 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.163 views

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

4.3CVSS4.9AI score0.01851EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.162 views

CVE-2018-12389

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 6...

8.8CVSS8.4AI score0.01167EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.162 views

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2019/02/03 3:29 a.m.161 views

CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocair...

7.8CVSS8AI score0.00267EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.158 views

CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS
CVE
CVE
added 2019/01/01 4:29 p.m.156 views

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5CVSS6.5AI score0.00561EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.150 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.03889EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.146 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond t...

7.5CVSS6.2AI score0.23134EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.146 views

CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

7.5CVSS6.7AI score0.2582EPSS
CVE
CVE
added 2019/04/23 4:29 p.m.145 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS
Total number of security vulnerabilities282