Lucene search

K
RedhatEnterprise Linux Desktop

1928 matches found

CVE
CVE
added 2020/01/08 10:15 p.m.255 views

CVE-2019-17022

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the...

6.1CVSS6.8AI score0.02471EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.254 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.254 views

CVE-2016-2109

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

7.8CVSS8AI score0.57624EPSS
CVE
CVE
added 2017/01/19 8:59 p.m.254 views

CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

8.8CVSS8.5AI score0.00036EPSS
CVE
CVE
added 2018/07/26 6:29 p.m.254 views

CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

5.5CVSS6AI score0.00074EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.254 views

CVE-2019-13743

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.3AI score0.01851EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.254 views

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 a...

8.8CVSS9.2AI score0.01777EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.254 views

CVE-2020-6396

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.7AI score0.01371EPSS
CVE
CVE
added 2008/01/25 1:0 a.m.253 views

CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response...

2.6CVSS7.2AI score0.05994EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.253 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.02778EPSS
CVE
CVE
added 2018/03/22 9:29 p.m.253 views

CVE-2018-8945

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

5.5CVSS5.9AI score0.0017EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.253 views

CVE-2019-8814

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary c...

9.3CVSS8.6AI score0.00704EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.252 views

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.0241EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.252 views

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00282EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.251 views

CVE-2019-13756

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.251 views

CVE-2019-5769

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.250 views

CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

7.5CVSS7.6AI score0.09628EPSS
CVE
CVE
added 2018/07/28 11:29 p.m.250 views

CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

6.5CVSS7.1AI score0.00906EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.250 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderb...

6.5CVSS7AI score0.00904EPSS
CVE
CVE
added 2018/01/26 7:29 p.m.250 views

CVE-2018-5750

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

5.5CVSS5.5AI score0.00041EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.250 views

CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01911EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.250 views

CVE-2019-13749

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.250 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00877EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.250 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

6.5CVSS5.9AI score0.00493EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.249 views

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...

4.7CVSS4.9AI score0.00045EPSS
CVE
CVE
added 2018/07/17 5:29 p.m.249 views

CVE-2018-14362

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

9.8CVSS9.1AI score0.02828EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.249 views

CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.248 views

CVE-2019-8544

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01683EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.247 views

CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

7.5CVSS7.6AI score0.64185EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.247 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local at...

7.8CVSS7.4AI score0.00025EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.247 views

CVE-2019-13757

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.1AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.247 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.247 views

CVE-2020-6394

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.01055EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.246 views

CVE-2017-15422

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS7AI score0.01421EPSS
CVE
CVE
added 2020/10/27 9:15 p.m.246 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

7.8CVSS7.3AI score0.00055EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.246 views

CVE-2020-6385

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS7.7AI score0.01399EPSS
CVE
CVE
added 2018/08/29 3:29 a.m.245 views

CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

5.5CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2018/03/07 8:29 a.m.245 views

CVE-2018-7740

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.245 views

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.6AI score0.074EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.245 views

CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.245 views

CVE-2019-5768

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2018/05/10 10:29 p.m.244 views

CVE-2018-1118

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-...

5.5CVSS5.6AI score0.00108EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.244 views

CVE-2018-6871

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

9.8CVSS9.1AI score
Web
CVE
CVE
added 2018/09/04 12:29 a.m.243 views

CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

5.5CVSS5.7AI score0.00431EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.243 views

CVE-2018-2817

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.5CVSS6AI score0.00232EPSS
CVE
CVE
added 2018/06/12 8:29 p.m.243 views

CVE-2018-5848

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

7.8CVSS6.3AI score0.00131EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.243 views

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.0234EPSS
CVE
CVE
added 2024/01/10 1:15 p.m.243 views

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During comm...

6.5CVSS6.3AI score0.00366EPSS
CVE
CVE
added 2008/06/13 6:41 p.m.242 views

CVE-2008-2364

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of inter...

5CVSS7.2AI score0.07143EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.242 views

CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth ou...

5CVSS7.3AI score0.73843EPSS
Total number of security vulnerabilities1928