Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Server Eus7.3

175 matches found

CVE
CVEadded 2017/11/20 8:29 p.m.114 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into...

5.5CVSS5.4AI score0.01063EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.29631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information dis...

6.5CVSS6.7AI score0.0102EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and F...

9.8CVSS8.3AI score0.03631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.114 views

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thu...

9.8CVSS8.9AI score0.03554EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.113 views

CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.045EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.112 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.01714EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F...

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2017-5444

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,...

7.5CVSS8.2AI score0.04146EPSS
CVE
CVEadded 2018/07/27 8:29 p.m.111 views

CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

8.8CVSS8.6AI score0.03861EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.111 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.03238EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.5AI score0.18598EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.1CVSS7.8AI score0.02616EPSS
CVE
CVEadded 2018/03/12 2:29 a.m.109 views

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in ti...

8.8CVSS7.6AI score0.00819EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.1AI score0.01215EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8AI score0.02616EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.02343EPSS
CVE
CVEadded 2015/08/12 2:59 p.m.108 views

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3CVSS6.5AI score0.12372EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.108 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.02497EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.108 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00389EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.107 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.107 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.03594EPSS
CVE
CVEadded 2018/08/01 1:29 p.m.106 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.106 views

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.2AI score0.06329EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.105 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.0103EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.104 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.00717EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.104 views

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS7.7AI score0.05535EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.102 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.00399EPSS
CVE
CVEadded 2016/07/21 10:14 a.m.102 views

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3CVSS4.6AI score0.05081EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.102 views

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

9.8CVSS8.8AI score0.03363EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.101 views

CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, a...

10CVSS8.8AI score0.02508EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.100 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.03485EPSS
CVE
CVEadded 2018/03/09 8:29 p.m.99 views

CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

5.5CVSS6.1AI score0.00479EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.99 views

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thund...

9.8CVSS8.1AI score0.03594EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.99 views

CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird

5.3CVSS6.1AI score0.01887EPSS
CVE
CVEadded 2020/01/14 5:15 p.m.98 views

CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

7.8CVSS7.9AI score0.0091EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.98 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01468EPSS
CVE
CVEadded 2016/05/11 9:59 p.m.98 views

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

5.5CVSS6.4AI score0.00138EPSS
CVE
CVEadded 2018/08/01 4:29 p.m.98 views

CVE-2016-8654

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

7.8CVSS7.8AI score0.00234EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.98 views

CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1,...

7.5CVSS7.7AI score0.00636EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.98 views

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.03554EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.97 views

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.1CVSS7.7AI score0.03399EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.95 views

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.00583EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.95 views

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS7AI score0.36848EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.94 views

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Fi...

8.8CVSS8AI score0.00877EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.93 views

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

7.5CVSS7.6AI score0.01355EPSS
CVE
CVEadded 2015/07/06 3:59 p.m.92 views

CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

5CVSS6AI score0.00094EPSS
CVE
CVEadded 2019/11/04 9:15 p.m.91 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS
Total number of security vulnerabilities175