Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.177 views

CVE-2018-5089

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, a...

9.8CVSS9.9AI score0.02663EPSS
CVE
CVE
added 2019/02/12 11:29 p.m.177 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.176 views

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

8.3CVSS8.6AI score0.01101EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.176 views

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

5.5CVSS4.9AI score0.00062EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.176 views

CVE-2018-12366

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and ...

6.5CVSS7.2AI score0.00261EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.176 views

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

7.8CVSS6.6AI score0.00734EPSS
CVE
CVE
added 2014/01/31 11:55 p.m.175 views

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

7.5CVSS7.2AI score0.20195EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.175 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

6.5CVSS5.2AI score0.00347EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.175 views

CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

4.3CVSS4.2AI score0.00204EPSS
CVE
CVE
added 2018/12/03 5:29 p.m.175 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as sh...

9.3CVSS7.5AI score0.92401EPSS
CVE
CVE
added 2017/07/21 2:29 p.m.174 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.174 views

CVE-2017-3456

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2018/05/18 4:29 p.m.174 views

CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

7.8CVSS7.7AI score0.00595EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.174 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird &lt...

8.8CVSS7.5AI score0.00262EPSS
CVE
CVE
added 2018/09/06 2:29 p.m.174 views

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slap...

7.5CVSS6.3AI score0.01478EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.173 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.02502EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.173 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.02845EPSS
CVE
CVE
added 2018/07/28 11:29 p.m.173 views

CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

6.5CVSS7.3AI score0.01018EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.173 views

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR <...

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.173 views

CVE-2018-5150

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thund...

9.8CVSS7.9AI score0.03792EPSS
CVE
CVE
added 2013/01/25 12:0 p.m.172 views

CVE-2012-5689

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

7.1CVSS7.9AI score0.0381EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.172 views

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS8.2AI score0.07797EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.172 views

CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.8AI score0.39485EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.172 views

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.3AI score0.00261EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.171 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.8AI score0.10156EPSS
CVE
CVE
added 2018/08/01 5:29 p.m.171 views

CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

7.8CVSS7.4AI score0.00318EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.171 views

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox

8.1CVSS7.4AI score0.41656EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.171 views

CVE-2018-2678

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

4.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.171 views

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Fire...

9.8CVSS6.9AI score0.02669EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.171 views

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

7.5CVSS8AI score0.01202EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.170 views

CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

5CVSS6.6AI score0.01988EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.170 views

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

8.8CVSS8.3AI score0.04205EPSS
CVE
CVE
added 2018/10/31 8:29 p.m.170 views

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

6.5CVSS6.5AI score0.12776EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.169 views

CVE-2017-3539

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.9AI score0.00504EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5103

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.169 views

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox

8.8CVSS6.1AI score0.55527EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.169 views

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.168 views

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

7.2CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2017/04/19 2:59 p.m.168 views

CVE-2016-5410

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

5.5CVSS5.3AI score0.0006EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.168 views

CVE-2017-3291

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure ...

6.3CVSS5.4AI score0.0008EPSS
CVE
CVE
added 2018/08/27 5:29 p.m.168 views

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

7.8CVSS6.6AI score0.00234EPSS
CVE
CVE
added 2018/11/23 5:29 a.m.168 views

CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

7.8CVSS6.6AI score0.00734EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.168 views

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

4.3CVSS4.9AI score0.01851EPSS
CVE
CVE
added 2020/02/27 11:15 p.m.168 views

CVE-2020-6384

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00809EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.168 views

CVE-2020-6400

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01906EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.167 views

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox

7.5CVSS7.6AI score0.01186EPSS
CVE
CVE
added 2018/04/25 9:29 a.m.167 views

CVE-2018-10372

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

5.5CVSS5.9AI score0.00328EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.167 views

CVE-2018-10534

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so tha...

5.5CVSS6.1AI score0.00192EPSS
CVE
CVE
added 2018/05/01 4:29 p.m.167 views

CVE-2018-10583

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt X...

7.5CVSS6.4AI score0.63278EPSS
Web
Total number of security vulnerabilities1890