Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2012/10/10 5:55 p.m.133 views

CVE-2012-3990

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, rela...

9.3CVSS9.4AI score0.05468EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.133 views

CVE-2013-0775

Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted ...

9.3CVSS9.6AI score0.00914EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.133 views

CVE-2014-0393

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

3.3CVSS7.5AI score0.00449EPSS
CVE
CVE
added 2017/04/14 6:59 p.m.133 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

7.5CVSS7.3AI score0.0165EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.133 views

CVE-2018-16542

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

5.5CVSS6AI score0.00426EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.133 views

CVE-2018-17476

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

4.3CVSS5.1AI score0.00945EPSS
CVE
CVE
added 2009/11/04 3:30 p.m.132 views

CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

7CVSS6.8AI score0.03441EPSS
Web
CVE
CVE
added 2010/12/23 6:0 p.m.132 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

2.1CVSS5.8AI score0.00073EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.132 views

CVE-2013-0783

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application ...

9.3CVSS9.9AI score0.01206EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.132 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.132 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1CVSS6.2AI score0.2622EPSS
CVE
CVE
added 2018/04/23 6:29 p.m.132 views

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

9.8CVSS9.5AI score0.01309EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.132 views

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

6.5CVSS6.5AI score0.00541EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.132 views

CVE-2018-6056

Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.07292EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.132 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00992EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.131 views

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7CVSS4.8AI score0.00965EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.131 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

6.5CVSS7.1AI score0.00908EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.131 views

CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.02538EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.130 views

CVE-2013-0385

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

6.6CVSS4AI score0.00102EPSS
CVE
CVE
added 2014/08/14 5:1 a.m.130 views

CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain poin...

7.8CVSS6.3AI score0.06988EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.130 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.03603EPSS
CVE
CVE
added 2016/01/21 3:1 a.m.130 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

7.2CVSS5.8AI score0.00165EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.130 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS
CVE
CVE
added 2018/07/27 9:29 p.m.130 views

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

7.5CVSS7.7AI score0.03467EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.130 views

CVE-2017-5430

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox E...

9.8CVSS8.8AI score0.00786EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.130 views

CVE-2018-16076

Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8.2AI score0.00607EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.130 views

CVE-2018-17467

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00945EPSS
CVE
CVE
added 2018/11/07 4:29 p.m.130 views

CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

6.5CVSS6.2AI score0.00268EPSS
CVE
CVE
added 2018/02/23 5:29 p.m.130 views

CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

7.8CVSS6.5AI score0.00038EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.129 views

CVE-2013-0744

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 ...

9.3CVSS9.6AI score0.13449EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.129 views

CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5CVSS7.6AI score0.00461EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.129 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.129 views

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

6.5CVSS5.5AI score0.00642EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.129 views

CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

4.9CVSS5AI score0.00519EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.129 views

CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird

4.3CVSS6AI score0.00422EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.129 views

CVE-2018-17471

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

4.3CVSS5.1AI score0.00871EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.129 views

CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

8.8CVSS7.8AI score0.01655EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.128 views

CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

2.1CVSS5.8AI score0.00055EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.128 views

CVE-2012-3166

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.2AI score0.00635EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.128 views

CVE-2013-0746

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allo...

9.3CVSS9.5AI score0.02359EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.128 views

CVE-2014-0402

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

4CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2015/12/02 1:59 a.m.128 views

CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encou...

9.8CVSS7.6AI score0.10015EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.128 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00419EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.128 views

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript ...

8.8CVSS8.2AI score0.01354EPSS
CVE
CVE
added 2018/04/16 9:58 a.m.128 views

CVE-2018-10120

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecifie...

7.8CVSS8.1AI score0.00178EPSS
CVE
CVE
added 2018/11/08 8:29 p.m.128 views

CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

9.8CVSS9.8AI score0.06961EPSS
CVE
CVE
added 2018/11/26 2:29 a.m.128 views

CVE-2018-19535

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

6.5CVSS6.2AI score0.00358EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.128 views

CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allow...

6.5CVSS6.2AI score0.01004EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.128 views

CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52...

8.1CVSS7.1AI score0.18624EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.128 views

CVE-2018-6042

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00909EPSS
Total number of security vulnerabilities1890