Lucene search

K
RedhatEnterprise Linux Server Aus

1054 matches found

CVE
CVE
added 2018/12/19 4:29 p.m.178 views

CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

9.8CVSS9.8AI score0.1561EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.177 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird &lt...

8.8CVSS7.5AI score0.00262EPSS
CVE
CVE
added 2018/09/19 3:29 p.m.177 views

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

7.8CVSS6.5AI score0.0072EPSS
CVE
CVE
added 2019/02/12 11:29 p.m.177 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2022/07/06 4:15 p.m.177 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacke...

4.5CVSS7AI score0.0006EPSS
CVE
CVE
added 2023/11/03 8:15 a.m.177 views

CVE-2023-46848

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

8.6CVSS8.2AI score0.11086EPSS
CVE
CVE
added 2024/02/12 1:15 p.m.177 views

CVE-2024-1062

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.176 views

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

5.5CVSS4.9AI score0.00062EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.176 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.02845EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.176 views

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

7.8CVSS6.6AI score0.0072EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR <...

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2018-5150

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS7.9AI score0.03014EPSS
CVE
CVE
added 2024/04/16 8:15 p.m.176 views

CVE-2022-24806

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patc...

6.5CVSS6.2AI score0.00113EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.175 views

CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.8AI score0.39485EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.175 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

6.5CVSS5.2AI score0.00347EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.175 views

CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

4.3CVSS4.2AI score0.00204EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.175 views

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.3AI score0.00261EPSS
CVE
CVE
added 2018/12/03 5:29 p.m.175 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as sh...

9.3CVSS7.5AI score0.92401EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.174 views

CVE-2017-3456

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.174 views

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox

8.1CVSS7.4AI score0.41656EPSS
CVE
CVE
added 2018/09/06 2:29 p.m.174 views

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slap...

7.5CVSS6.3AI score0.01478EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.174 views

CVE-2018-2678

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.174 views

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Fire...

9.8CVSS6.9AI score0.02669EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.173 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.02502EPSS
CVE
CVE
added 2024/04/18 7:15 p.m.173 views

CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

7.1CVSS5.9AI score0.00032EPSS
CVE
CVE
added 2013/01/25 12:0 p.m.172 views

CVE-2012-5689

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1CVSS7.9AI score0.0381EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.172 views

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS8.2AI score0.07797EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.172 views

CVE-2017-3539

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.9AI score0.00504EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.172 views

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.172 views

CVE-2018-5103

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.172 views

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox

8.8CVSS6.1AI score0.55527EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.171 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.8AI score0.10156EPSS
CVE
CVE
added 2018/08/01 5:29 p.m.171 views

CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8CVSS7.4AI score0.00318EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.170 views

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

8.8CVSS8.3AI score0.04205EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.170 views

CVE-2015-5364

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

7.8CVSS5.7AI score0.21228EPSS
CVE
CVE
added 2018/10/31 8:29 p.m.170 views

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

6.5CVSS6.5AI score0.12776EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.170 views

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox

7.5CVSS7.6AI score0.01186EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.169 views

CVE-2017-10193

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.7AI score0.00379EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5098

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5117

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site ...

5.3CVSS6.3AI score0.01818EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.168 views

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

7.2CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.168 views

CVE-2016-9893

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS9.7AI score0.02823EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.168 views

CVE-2017-3291

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure ...

6.3CVSS5.4AI score0.0008EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.168 views

CVE-2018-12383

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is ad...

5.5CVSS5.6AI score0.00071EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.168 views

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

7.8CVSS6.6AI score0.00234EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.168 views

CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

7.8CVSS6.6AI score0.0072EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.168 views

CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox

9.8CVSS9AI score0.02308EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.167 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally in...

7CVSS6AI score0.00071EPSS
CVE
CVE
added 2019/02/03 3:29 a.m.167 views

CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocair...

7.8CVSS8AI score0.00267EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.166 views

CVE-2018-12389

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 6...

8.8CVSS8.4AI score0.01143EPSS
Total number of security vulnerabilities1054