Lucene search

K
RedhatEnterprise Linux Server Tus

765 matches found

CVE
CVE
added 2020/01/08 10:15 p.m.237 views

CVE-2019-17022

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the...

6.1CVSS6.8AI score0.02471EPSS
CVE
CVE
added 2023/10/23 10:15 p.m.237 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user coul...

7.8CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.236 views

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 a...

8.8CVSS9.2AI score0.01777EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.236 views

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS6.3AI score0.01702EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.235 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.02778EPSS
CVE
CVE
added 2024/02/07 9:15 p.m.235 views

CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

7.5CVSS7AI score0.00031EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.233 views

CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

5.9CVSS5.6AI score0.29495EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.233 views

CVE-2018-2640

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00449EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.232 views

CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

7.8CVSS7.1AI score0.00284EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.232 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderb...

6.5CVSS7AI score0.00904EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.232 views

CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5CVSS6.2AI score0.00365EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.229 views

CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

4.1CVSS4.2AI score0.00038EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.228 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01413EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.227 views

CVE-2018-2771

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

4.4CVSS5AI score0.00097EPSS
CVE
CVE
added 2019/02/04 6:29 p.m.227 views

CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

7.5CVSS7.4AI score0.00362EPSS
CVE
CVE
added 2019/03/27 8:29 p.m.226 views

CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

9.8CVSS9.5AI score0.00733EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.225 views

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/07/17 5:29 p.m.222 views

CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

9.8CVSS9.7AI score0.03279EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.222 views

CVE-2018-2665

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00449EPSS
CVE
CVE
added 2018/06/13 4:29 p.m.221 views

CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

8.2CVSS8.4AI score0.00055EPSS
CVE
CVE
added 2017/02/03 7:59 p.m.220 views

CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

7.1CVSS7.9AI score0.00873EPSS
CVE
CVE
added 2019/01/03 1:29 p.m.220 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00461EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.220 views

CVE-2018-2790

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.1CVSS3.9AI score0.00268EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.219 views

CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

6.2CVSS5.3AI score0.00011EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.219 views

CVE-2018-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6AI score0.00232EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.219 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03215EPSS
CVE
CVE
added 2017/05/29 4:29 p.m.217 views

CVE-2017-9287

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

6.5CVSS6.4AI score0.38966EPSS
CVE
CVE
added 2018/05/02 6:29 p.m.217 views

CVE-2018-10675

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

7.8CVSS7.6AI score0.00055EPSS
CVE
CVE
added 2018/08/17 12:29 p.m.217 views

CVE-2018-10873

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially...

8.8CVSS8AI score0.00516EPSS
CVE
CVE
added 2018/07/17 5:29 p.m.217 views

CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

9.8CVSS9.7AI score0.02283EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.216 views

CVE-2018-2814

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multi...

8.3CVSS8.1AI score0.00337EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.215 views

CVE-2018-2761

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

5.9CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.214 views

CVE-2017-3318

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastruc...

4CVSS4.1AI score0.00036EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.214 views

CVE-2018-2794

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2018/03/20 4:29 p.m.213 views

CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

9.8CVSS9.3AI score0.00836EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.212 views

CVE-2017-3308

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

7.7CVSS6.1AI score0.00323EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.210 views

CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

5.3CVSS4.9AI score0.00521EPSS
CVE
CVE
added 2018/11/29 6:29 p.m.210 views

CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

9.8CVSS9.7AI score0.21915EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.209 views

CVE-2017-10356

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker wit...

6.2CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.209 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro...

6.5CVSS6.2AI score0.00369EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.209 views

CVE-2017-10388

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

7.5CVSS7.7AI score0.00503EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.209 views

CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure ...

5.6CVSS5.4AI score0.00189EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.209 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird

9.8CVSS7.2AI score0.03924EPSS
CVE
CVE
added 2018/11/02 7:29 a.m.209 views

CVE-2018-18897

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

6.5CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2018/01/23 4:29 p.m.209 views

CVE-2018-5950

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

6.1CVSS5.9AI score0.02431EPSS
CVE
CVE
added 2018/03/12 9:29 p.m.209 views

CVE-2018-7858

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

5.5CVSS5.2AI score0.00074EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.208 views

CVE-2017-10087

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple ...

9.6CVSS9AI score0.00416EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.208 views

CVE-2018-2641

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

6.1CVSS5.9AI score0.00187EPSS
CVE
CVE
added 2022/08/23 4:15 p.m.208 views

CVE-2021-23177

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...

7.8CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.207 views

CVE-2017-3653

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...

3.5CVSS3.4AI score0.00313EPSS
Total number of security vulnerabilities765