Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2017/10/19 5:29 p.m.208 views

CVE-2017-10295

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker...

4.3CVSS5.1AI score0.00258EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.208 views

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS8.9AI score0.0184EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.208 views

CVE-2018-2629

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker w...

5.3CVSS5AI score0.00434EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.207 views

CVE-2016-3698

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from...

8.1CVSS7.5AI score0.00769EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.207 views

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful a...

9.6CVSS9.1AI score0.00365EPSS
CVE
CVE
added 2018/09/28 9:29 a.m.207 views

CVE-2018-17581

CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

6.5CVSS6.6AI score0.00225EPSS
CVE
CVE
added 2018/05/06 11:29 p.m.206 views

CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

6.5CVSS6.3AI score0.01563EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.206 views

CVE-2018-12365

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < ...

6.5CVSS7.4AI score0.00496EPSS
CVE
CVE
added 2015/10/06 1:59 a.m.205 views

CVE-2014-9751

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by le...

6.8CVSS7.2AI score0.09651EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.205 views

CVE-2019-5771

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS6.7AI score0.01526EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.204 views

CVE-2015-5157

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

7.2CVSS5.7AI score0.00219EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.204 views

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

7.5CVSS7.7AI score0.62171EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.204 views

CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinter...

5.5CVSS5.9AI score0.00203EPSS
Web
CVE
CVE
added 2018/01/18 2:29 a.m.204 views

CVE-2018-2663

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2015/11/13 3:59 a.m.203 views

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly ha...

7.5CVSS7.9AI score0.04186EPSS
CVE
CVE
added 2018/11/08 8:29 a.m.203 views

CVE-2018-19108

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

6.5CVSS6.3AI score0.00411EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.202 views

CVE-2018-12377

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird

9.8CVSS6.4AI score0.02628EPSS
CVE
CVE
added 2018/07/25 11:29 p.m.202 views

CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fi...

6.5CVSS6AI score0.00538EPSS
CVE
CVE
added 2019/02/04 9:29 p.m.202 views

CVE-2019-1000019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to b...

6.5CVSS7AI score0.01026EPSS
CVE
CVE
added 2019/02/04 9:29 p.m.202 views

CVE-2019-1000020

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS b...

6.5CVSS7AI score0.00585EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.201 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

6.5CVSS5.3AI score0.00034EPSS
CVE
CVE
added 2018/12/20 5:29 p.m.201 views

CVE-2018-1000877

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in...

8.8CVSS8.3AI score0.03603EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.201 views

CVE-2018-12362

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefo...

8.8CVSS7.8AI score0.00618EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.201 views

CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbi...

9.8CVSS7.2AI score0.02628EPSS
CVE
CVE
added 2016/05/16 10:59 a.m.200 views

CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as dem...

5.3CVSS7AI score0.00968EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.200 views

CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

6.5CVSS5.4AI score0.01232EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.200 views

CVE-2018-2634

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

6.8CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.199 views

CVE-2017-3641

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.9AI score0.00119EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.199 views

CVE-2017-5375

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9.2AI score0.61729EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.199 views

CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, ...

8.8CVSS8.2AI score0.01033EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.199 views

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

5.3CVSS5AI score0.00124EPSS
CVE
CVE
added 2007/06/27 5:30 p.m.198 views

CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with bro...

4.3CVSS5.7AI score0.11133EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.198 views

CVE-2017-10198

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS6.8AI score0.00281EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.198 views

CVE-2017-3453

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple p...

6.5CVSS5.7AI score0.00276EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.198 views

CVE-2018-12359

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60,...

8.8CVSS7.8AI score0.01331EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.197 views

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

10CVSS9.5AI score0.01612EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.197 views

CVE-2017-10274

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. S...

6.8CVSS6.8AI score0.00575EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.197 views

CVE-2017-2626

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

5.5CVSS5.3AI score0.00032EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.197 views

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.2AI score0.00447EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.197 views

CVE-2018-2588

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with...

4.3CVSS4.2AI score0.00328EPSS
CVE
CVE
added 2020/02/12 6:15 p.m.196 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

7.5CVSS7.5AI score0.03032EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.195 views

CVE-2015-4148

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "t...

5CVSS6.9AI score0.10785EPSS
CVE
CVE
added 2017/08/10 10:29 p.m.195 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possibl...

7.5CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.195 views

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

8.3CVSS8.6AI score0.01101EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.195 views

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <...

8.8CVSS7.8AI score0.00618EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.195 views

CVE-2018-5188

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird &lt...

9.8CVSS8.5AI score0.0162EPSS
CVE
CVE
added 2019/07/30 11:15 p.m.195 views

CVE-2019-10153

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to cluste...

5CVSS4.8AI score0.0049EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.195 views

CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

6.5CVSS5.8AI score0.00488EPSS
CVE
CVE
added 2015/12/06 8:59 p.m.194 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02942EPSS
CVE
CVE
added 2017/06/06 9:29 p.m.194 views

CVE-2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

6.8CVSS6.2AI score0.04032EPSS
Total number of security vulnerabilities1890