Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2018/08/24 7:29 p.m.235 views

CVE-2018-14599

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

9.8CVSS9.4AI score0.02078EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.234 views

CVE-2013-0753

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

9.3CVSS9.5AI score0.8806EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.234 views

CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

7.8CVSS7.1AI score0.00284EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.234 views

CVE-2018-2794

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2019/02/09 4:29 p.m.234 views

CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5CVSS6.2AI score0.00365EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.233 views

CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than ...

10CVSS9.1AI score0.28101EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.233 views

CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

4.1CVSS4.2AI score0.00038EPSS
CVE
CVE
added 2018/03/14 6:29 p.m.233 views

CVE-2018-1000121

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

7.5CVSS7.3AI score0.02375EPSS
CVE
CVE
added 2018/01/12 9:29 a.m.233 views

CVE-2018-5344

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

7.8CVSS6.5AI score0.00043EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.232 views

CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory cor...

5CVSS7.2AI score0.30242EPSS
CVE
CVE
added 2018/05/06 10:29 p.m.232 views

CVE-2018-0494

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

6.5CVSS6.5AI score0.75788EPSS
CVE
CVE
added 2018/09/03 7:29 p.m.232 views

CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

9.8CVSS9.6AI score0.01524EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.232 views

CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS6AI score0.01655EPSS
CVE
CVE
added 2013/05/29 2:29 p.m.231 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as...

5CVSS5.3AI score0.48093EPSS
CVE
CVE
added 2016/03/24 6:59 p.m.231 views

CVE-2016-0636

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

9.3CVSS7.3AI score0.26528EPSS
CVE
CVE
added 2018/05/04 5:29 p.m.231 views

CVE-2018-10733

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

6.5CVSS6.3AI score0.00799EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.231 views

CVE-2018-2771

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

4.4CVSS5AI score0.00097EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.231 views

CVE-2019-8535

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.02231EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.230 views

CVE-2013-0758

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging impr...

9.3CVSS9.4AI score0.87365EPSS
CVE
CVE
added 2018/07/28 11:29 p.m.230 views

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

8.8CVSS7.4AI score0.01314EPSS
CVE
CVE
added 2018/10/19 5:29 p.m.230 views

CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

5.5CVSS7.2AI score0.00105EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.230 views

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.230 views

CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

5.3CVSS4.9AI score0.00521EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.230 views

CVE-2019-13725

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.3AI score0.0702EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.230 views

CVE-2019-13761

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.1AI score0.0234EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.229 views

CVE-2015-4147

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related t...

7.5CVSS7.9AI score0.43012EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.229 views

CVE-2017-10356

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker wit...

6.2CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.229 views

CVE-2017-10388

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

7.5CVSS7.7AI score0.00503EPSS
CVE
CVE
added 2019/03/27 8:29 p.m.229 views

CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

9.8CVSS9.5AI score0.00332EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.228 views

CVE-2017-10087

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple ...

9.6CVSS9AI score0.00416EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.228 views

CVE-2018-2641

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

6.1CVSS5.9AI score0.00106EPSS
CVE
CVE
added 2018/02/28 9:29 p.m.228 views

CVE-2018-7569

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

5.5CVSS6AI score0.00136EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.228 views

CVE-2019-13738

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.

6.5CVSS6.2AI score0.00889EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.228 views

CVE-2019-13762

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.

3.3CVSS4.8AI score0.00032EPSS
CVE
CVE
added 2019/12/24 5:15 p.m.228 views

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5CVSS7.8AI score0.09227EPSS
CVE
CVE
added 2019/02/04 6:29 p.m.228 views

CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

7.5CVSS7.4AI score0.00362EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.228 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01413EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.227 views

CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

7.5CVSS8.2AI score0.81755EPSS
CVE
CVE
added 2018/09/04 1:29 p.m.227 views

CVE-2018-10907

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffe...

8.8CVSS8.5AI score0.0211EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.227 views

CVE-2018-2665

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00449EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.227 views

CVE-2019-13740

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00973EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.227 views

CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

5.5CVSS5.4AI score0.00131EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.226 views

CVE-2017-10115

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with networ...

7.5CVSS7.2AI score0.00244EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.226 views

CVE-2017-13088

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

5.3CVSS6.6AI score0.00279EPSS
CVE
CVE
added 2018/06/13 4:29 p.m.226 views

CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

8.2CVSS8.4AI score0.00029EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.226 views

CVE-2019-8536

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01589EPSS
CVE
CVE
added 2017/02/03 7:59 p.m.225 views

CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

7.1CVSS7.9AI score0.00873EPSS
CVE
CVE
added 2018/09/04 2:29 p.m.225 views

CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

6.5CVSS6.7AI score0.00939EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.225 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird

9.8CVSS7.2AI score0.03924EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.225 views

CVE-2019-8684

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.03566EPSS
Total number of security vulnerabilities1890