Lucene search

K
RedhatEnterprise Linux Server Eus

622 matches found

CVE
CVE
added 2017/08/07 8:29 p.m.171 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.8AI score0.10156EPSS
CVE
CVE
added 2018/08/01 5:29 p.m.171 views

CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8CVSS7.4AI score0.00318EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.171 views

CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.8AI score0.39485EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.171 views

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.3AI score0.00261EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.170 views

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

8.8CVSS8.3AI score0.04205EPSS
CVE
CVE
added 2018/10/31 8:29 p.m.170 views

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

6.5CVSS6.5AI score0.12776EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.170 views

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox

8.1CVSS7.4AI score0.41656EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.170 views

CVE-2018-2678

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.170 views

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Fire...

9.8CVSS6.9AI score0.02669EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5103

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.168 views

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

7.2CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.168 views

CVE-2017-3539

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.9AI score0.00504EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.168 views

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

7.8CVSS6.6AI score0.00234EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.168 views

CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

7.8CVSS6.6AI score0.00734EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.168 views

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.168 views

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox

8.8CVSS6.1AI score0.55527EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.166 views

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox

7.5CVSS7.6AI score0.01186EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.166 views

CVE-2018-12389

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 6...

8.8CVSS8.4AI score0.01143EPSS
CVE
CVE
added 2016/08/02 4:59 p.m.165 views

CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

5.5CVSS5.9AI score0.00104EPSS
CVE
CVE
added 2017/06/22 9:29 p.m.165 views

CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

7.8CVSS7AI score0.01248EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.165 views

CVE-2018-5098

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.165 views

CVE-2018-5117

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site ...

5.3CVSS6.3AI score0.01818EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.164 views

CVE-2016-9893

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS9.7AI score0.03554EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.164 views

CVE-2018-12383

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is ad...

5.5CVSS5.6AI score0.00071EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.164 views

CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox

9.8CVSS9AI score0.02308EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.163 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally in...

7CVSS6AI score0.00071EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.163 views

CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox

9.8CVSS7.2AI score0.01914EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.162 views

CVE-2018-5104

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.161 views

CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

9.8CVSS8.4AI score0.09672EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.161 views

CVE-2017-0900

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command.

7.5CVSS8AI score0.12509EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.161 views

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content pro...

9.1CVSS6.8AI score0.34597EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.161 views

CVE-2018-5099

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, an...

9.8CVSS9.3AI score0.02647EPSS
CVE
CVE
added 2015/11/24 8:59 p.m.160 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.160 views

CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

7.8CVSS6.6AI score0.02274EPSS
CVE
CVE
added 2018/10/15 4:29 p.m.160 views

CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

6.3CVSS6.4AI score0.00189EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.159 views

CVE-2015-7692

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.9AI score0.10156EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.159 views

CVE-2017-3600

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple p...

6.6CVSS6.1AI score
CVE
CVE
added 2017/01/28 1:59 a.m.159 views

CVE-2017-5203

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

9.8CVSS9.5AI score0.0108EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.159 views

CVE-2017-5396

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9.1AI score0.01695EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.159 views

CVE-2017-5402

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbir...

9.8CVSS8.1AI score0.02663EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.159 views

CVE-2018-5159

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS6.9AI score0.38809EPSS
Web
CVE
CVE
added 2017/10/11 6:29 p.m.158 views

CVE-2017-0903

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

9.8CVSS9.1AI score0.04901EPSS
Web
CVE
CVE
added 2018/06/11 9:29 p.m.158 views

CVE-2017-5378

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR ...

7.5CVSS8.1AI score0.01795EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.158 views

CVE-2018-12396

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox

6.5CVSS7.2AI score0.00716EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.158 views

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects T...

5.3CVSS6.6AI score0.01011EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.157 views

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

7.5CVSS7.8AI score0.01441EPSS
CVE
CVE
added 2018/08/28 4:29 a.m.157 views

CVE-2018-15911

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

7.8CVSS6.7AI score0.02697EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.157 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, a...

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.157 views

CVE-2018-5154

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7AI score0.03792EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.156 views

CVE-2017-5383

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

5.3CVSS6.5AI score0.02444EPSS
Total number of security vulnerabilities622