Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Server Eus

622 matches found

CVE
CVEadded 2016/04/21 10:59 a.m.125 views

CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

5.9CVSS6.6AI score0.0224EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.125 views

CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 an...

8.8CVSS8.1AI score0.0292EPSS
CVE
CVEadded 2015/03/02 11:59 a.m.124 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVEadded 2016/03/24 1:59 a.m.124 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.05589EPSS
CVE
CVEadded 2017/12/07 2:29 a.m.124 views

CVE-2017-15121

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

5.5CVSS6.1AI score0.00069EPSS
CVE
CVEadded 2019/02/28 6:29 p.m.124 views

CVE-2018-12395

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox

7.5CVSS7AI score0.01888EPSS
CVE
CVEadded 2018/07/27 9:29 p.m.123 views

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

7.5CVSS7.7AI score0.03467EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.123 views

CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and...

9.8CVSS8.3AI score0.03076EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.122 views

CVE-2016-9895

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

6.1CVSS7AI score0.00709EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.122 views

CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.09561EPSS
CVE
CVEadded 2018/11/08 8:29 p.m.122 views

CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

9.8CVSS9.8AI score0.07086EPSS
CVE
CVEadded 2017/01/13 4:59 p.m.121 views

CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

7.5CVSS6.4AI score0.472EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.121 views

CVE-2016-9898

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.9AI score0.03451EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.121 views

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.11011EPSS
CVE
CVEadded 2017/01/28 1:59 a.m.120 views

CVE-2017-5205

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

9.8CVSS9.5AI score0.0108EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.120 views

CVE-2017-5439

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.0485EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.120 views

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS7.6AI score0.01031EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.120 views

CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.2AI score0.03042EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.120 views

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cl...

7.5CVSS6.7AI score0.01115EPSS
CVE
CVEadded 2018/09/05 6:29 a.m.120 views

CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

7.8CVSS7.1AI score0.00369EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.120 views

CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52...

8.1CVSS7.1AI score0.22295EPSS
CVE
CVEadded 2018/02/07 9:29 p.m.120 views

CVE-2018-6574

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

7.8CVSS6.8AI score0.30905EPSS
CVE
CVEadded 2019/03/26 6:29 p.m.120 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.7AI score0.03208EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.119 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS
CVE
CVEadded 2016/01/21 3:1 a.m.119 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

7.2CVSS5.8AI score0.00245EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.119 views

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.119 views

CVE-2017-5438

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.119 views

CVE-2017-5445

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

7.5CVSS7.9AI score0.02058EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.119 views

CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.2AI score0.05637EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.118 views

CVE-2016-4300

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

7.8CVSS8.2AI score0.0177EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.118 views

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.10902EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.118 views

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and ...

5.3CVSS6.5AI score0.01355EPSS
CVE
CVEadded 2011/03/01 11:0 p.m.117 views

CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

2.1CVSS5.8AI score0.00055EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.117 views

CVE-2016-9902

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s ...

7.5CVSS7.8AI score0.00411EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.117 views

CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

9.1CVSS7.9AI score0.19466EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.116 views

CVE-2016-4302

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

7.8CVSS8.2AI score0.02337EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.116 views

CVE-2017-5441

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.116 views

CVE-2017-7784

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.06834EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.115 views

CVE-2017-5405

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.4AI score0.02668EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.115 views

CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

8.1CVSS7.8AI score0.0082EPSS
CVE
CVEadded 2018/09/05 6:29 p.m.115 views

CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

5.5CVSS6AI score0.0035EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.115 views

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firef...

8.6CVSS9.2AI score0.02394EPSS
CVE
CVEadded 2015/04/08 6:59 p.m.114 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5CVSS7.9AI score0.14762EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.114 views

CVE-2016-4809

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

7.5CVSS7.1AI score0.0226EPSS
CVE
CVEadded 2017/11/20 8:29 p.m.114 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into...

5.5CVSS5.4AI score0.01063EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.29631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information dis...

6.5CVSS6.7AI score0.0102EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and F...

9.8CVSS8.3AI score0.03631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thu...

9.8CVSS8.9AI score0.03554EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thu...

10CVSS8.9AI score0.02508EPSS
Total number of security vulnerabilities622