Lucene search

K
RedhatEnterprise Linux Server Eus

622 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.190 views

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS8.9AI score0.0184EPSS
CVE
CVE
added 2018/09/17 2:29 p.m.190 views

CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

7.8CVSS7.6AI score0.00252EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.190 views

CVE-2018-2579

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attac...

4.3CVSS3.8AI score0.00077EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.189 views

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

7.5CVSS8.2AI score0.53087EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.189 views

CVE-2018-12365

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < ...

6.5CVSS7.4AI score0.00504EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.188 views

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute a...

7.5CVSS8.1AI score0.04585EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.188 views

CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

5.5CVSS5.8AI score0.0005EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.187 views

CVE-2018-2629

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker w...

5.3CVSS5AI score0.0027EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.186 views

CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

5.3CVSS4.9AI score0.00063EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.185 views

CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a dif...

8.8CVSS9AI score0.34687EPSS
CVE
CVE
added 2018/04/18 9:29 p.m.184 views

CVE-2018-10194

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp...

7.8CVSS7.2AI score0.00648EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.184 views

CVE-2018-12377

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird

9.8CVSS6.4AI score0.02706EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.184 views

CVE-2018-2663

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.183 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

5.5CVSS5.8AI score0.00057EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.183 views

CVE-2018-12362

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefo...

8.8CVSS7.8AI score0.00628EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.183 views

CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbi...

9.8CVSS7.2AI score0.02706EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.182 views

CVE-2018-19475

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

7.8CVSS6.6AI score0.72591EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.180 views

CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b...

7.5CVSS6.4AI score0.35731EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.180 views

CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, ...

8.8CVSS8.2AI score0.01033EPSS
CVE
CVE
added 2018/12/20 11:29 p.m.180 views

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue becaus...

7.8CVSS6.7AI score0.01387EPSS
CVE
CVE
added 2017/01/30 9:59 p.m.179 views

CVE-2016-2518

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

5.3CVSS6.2AI score0.01465EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.179 views

CVE-2018-12359

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60,...

8.8CVSS7.8AI score0.01474EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.179 views

CVE-2018-15910

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

7.8CVSS6.7AI score0.04834EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.179 views

CVE-2018-2634

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

6.8CVSS6.2AI score0.00149EPSS
CVE
CVE
added 2017/09/05 6:29 a.m.178 views

CVE-2017-1000083

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action...

7.8CVSS7.8AI score0.79825EPSS
Web
CVE
CVE
added 2018/12/19 4:29 p.m.178 views

CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

9.8CVSS9.8AI score0.1561EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.178 views

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

5.3CVSS5AI score0.00124EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.178 views

CVE-2018-5188

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird &lt...

9.8CVSS8.5AI score0.01647EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.177 views

CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly ex...

7.5CVSS8.1AI score0.04585EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.177 views

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.2AI score0.00447EPSS
CVE
CVE
added 2018/09/19 3:29 p.m.177 views

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

7.8CVSS6.5AI score0.0072EPSS
CVE
CVE
added 2019/02/12 11:29 p.m.177 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.176 views

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

5.5CVSS4.9AI score0.00062EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.176 views

CVE-2017-5380

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9.1AI score0.02031EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.176 views

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <...

8.8CVSS7.8AI score0.00628EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.176 views

CVE-2018-12363

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects...

8.8CVSS7.7AI score0.00628EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.176 views

CVE-2018-12378

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird

9.8CVSS6.4AI score0.02706EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.176 views

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

7.8CVSS6.6AI score0.00734EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.176 views

CVE-2018-2588

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with...

4.3CVSS4.2AI score0.00328EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.175 views

CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

4.3CVSS4.2AI score0.00204EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.175 views

CVE-2018-12366

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and ...

6.5CVSS7.2AI score0.00261EPSS
CVE
CVE
added 2018/12/03 5:29 p.m.175 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as sh...

9.3CVSS7.5AI score0.92401EPSS
CVE
CVE
added 2018/09/06 2:29 p.m.174 views

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slap...

7.5CVSS6.3AI score0.01478EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.173 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.02502EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.173 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird &lt...

8.8CVSS7.5AI score0.00262EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.173 views

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR <...

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2013/01/25 12:0 p.m.172 views

CVE-2012-5689

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1CVSS7.9AI score0.0381EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.172 views

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS8.2AI score0.07797EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.172 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.02845EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.172 views

CVE-2018-5150

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS7.9AI score0.03792EPSS
Total number of security vulnerabilities622