Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2015/10/21 11:59 p.m.123 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

4CVSS5.2AI score0.00508EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.123 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00476EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.123 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00419EPSS
CVE
CVE
added 2016/10/25 2:31 p.m.123 views

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

6.5CVSS5.5AI score0.00894EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.123 views

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

9.8CVSS8.8AI score0.00595EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.123 views

CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52...

8.1CVSS7.1AI score0.22295EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.123 views

CVE-2018-6041

Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00909EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.123 views

CVE-2018-6172

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/03/26 6:29 p.m.123 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.7AI score0.03208EPSS
CVE
CVE
added 2022/09/01 9:15 p.m.123 views

CVE-2022-2739

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive info...

5.3CVSS5.4AI score0.00115EPSS
CVE
CVE
added 2010/11/05 6:0 p.m.122 views

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer...

7.5CVSS7.3AI score0.06284EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.122 views

CVE-2016-4300

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

7.8CVSS8.2AI score0.0177EPSS
CVE
CVE
added 2018/01/18 6:29 p.m.122 views

CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized objec...

9.8CVSS9.2AI score0.04118EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.122 views

CVE-2017-5429

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird &l...

9.8CVSS9AI score0.01989EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.122 views

CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1,...

7.5CVSS7.7AI score0.00762EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.122 views

CVE-2018-16079

A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

5.3CVSS5.5AI score0.0028EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.122 views

CVE-2018-18348

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

4.3CVSS4.8AI score0.00963EPSS
CVE
CVE
added 2018/11/08 8:29 a.m.122 views

CVE-2018-19107

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

6.5CVSS6.4AI score0.00302EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.122 views

CVE-2018-6034

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1CVSS5.8AI score0.01066EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.122 views

CVE-2018-6067

Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00972EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.122 views

CVE-2018-6083

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

8.8CVSS7.7AI score0.00972EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.122 views

CVE-2018-6166

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.121 views

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage c...

10CVSS9.4AI score0.1791EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.121 views

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.8AI score0.00501EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.121 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.121 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

4CVSS5.1AI score0.00508EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.121 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

4CVSS4.9AI score0.00369EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.120 views

CVE-2012-1970

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application cr...

10CVSS9.8AI score0.00873EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.120 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00362EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.120 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.0095EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.120 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5CVSS6.7AI score0.02195EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.120 views

CVE-2016-4302

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

7.8CVSS8.2AI score0.02337EPSS
Web
CVE
CVE
added 2017/09/14 6:29 a.m.120 views

CVE-2017-12899

The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

9.8CVSS9.3AI score0.0206EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.120 views

CVE-2018-16068

Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.4AI score0.01655EPSS
CVE
CVE
added 2018/09/05 6:29 p.m.120 views

CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

5.5CVSS6AI score0.00352EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.120 views

CVE-2018-6040

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

6.5CVSS5.7AI score0.00606EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.119 views

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS10AI score0.02752EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.119 views

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5CVSS4.8AI score0.00555EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.119 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.119 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00501EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.119 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

6.5CVSS6.1AI score0.01559EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.119 views

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.00679EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.119 views

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS7AI score0.36848EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.119 views

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thu...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.119 views

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

9.8CVSS8.2AI score0.34671EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.119 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.119 views

CVE-2018-16078

Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.4AI score0.00472EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.119 views

CVE-2018-17474

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01384EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.119 views

CVE-2018-6062

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.2AI score0.01241EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.119 views

CVE-2018-6096

A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

6.5CVSS6.3AI score0.00963EPSS
Total number of security vulnerabilities1890