Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Server Tus

765 matches found

CVE
CVEadded 2017/08/22 6:29 p.m.78 views

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

8.8CVSS7.6AI score0.01645EPSS
CVE
CVEadded 2013/12/11 3:55 p.m.77 views

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3CVSS9.1AI score0.00245EPSS
CVE
CVEadded 2017/02/09 3:59 p.m.77 views

CVE-2017-5848

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

7.5CVSS7AI score0.05482EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.75 views

CVE-2014-0144

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges ...

8.6CVSS7.2AI score0.01978EPSS
CVE
CVEadded 2018/02/02 2:29 p.m.75 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

8.8CVSS8.4AI score0.00094EPSS
CVE
CVEadded 2014/06/05 8:55 p.m.73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS
CVE
CVEadded 2013/12/11 3:55 p.m.72 views

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

10CVSS9.6AI score0.10399EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.72 views

CVE-2014-0147

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

6.2CVSS6.5AI score0.00051EPSS
CVE
CVEadded 2019/05/07 2:29 p.m.72 views

CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

7CVSS6.6AI score0.00049EPSS
CVE
CVEadded 2014/01/18 7:55 p.m.71 views

CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6AI score0.02998EPSS
CVE
CVEadded 2020/01/14 6:15 p.m.68 views

CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

6.5CVSS6AI score0.00535EPSS
CVE
CVEadded 2017/10/18 8:29 p.m.68 views

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8CVSS9AI score0.06044EPSS
CVE
CVEadded 2014/08/01 11:13 a.m.63 views

CVE-2014-5045

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free)...

6.2CVSS6.4AI score0.00029EPSS
CVE
CVEadded 2022/09/29 3:15 a.m.59 views

CVE-2014-0148

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user abl...

5.5CVSS6.5AI score0.00061EPSS
CVE
CVEadded 2014/11/14 3:59 p.m.46 views

CVE-2014-8567

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

9.4CVSS6.3AI score0.04434EPSS
Total number of security vulnerabilities765