Enterprise Linux Server Security Vulnerabilities and Issues — Page 24 of Enterprise Linux Server CVE List

9.8CVSS8.3AI score0.03671EPSS

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.03671EPSS

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.5AI score0.18598EPSS

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.1CVSS7.8AI score0.02616EPSS

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

8.8CVSS8.3AI score0.24544EPSS

CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE•added 2018/09/25 2:29 p.m.•110 views

CVE-2018-6034

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1CVSS5.8AI score0.01108EPSS

CVE•added 2018/11/14 3:29 p.m.•110 views

CVE-2018-6082

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

4.7CVSS5.2AI score0.00699EPSS

6.5CVSS6.3AI score0.00992EPSS

CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.00662EPSS

CVE-2018-6114

Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.

9.6CVSS6.2AI score0.01655EPSS

CVE-2018-6127

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

6.5CVSS6.1AI score0.00963EPSS

CVE-2018-6165

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.5AI score0.00963EPSS

CVE-2018-6175

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE•added 2013/01/17 1:55 a.m.•109 views

CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

5.5CVSS3.9AI score0.004EPSS

CVE•added 2014/02/28 6:18 a.m.•109 views

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory co...

7.2CVSS6.5AI score0.00091EPSS

CVE•added 2018/03/12 2:29 a.m.•109 views

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in ti...

8.8CVSS7.6AI score0.00819EPSS

CVE•added 2016/04/08 3:59 p.m.•109 views

CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

7.5CVSS7.2AI score0.01EPSS

CVE•added 2015/12/15 9:59 p.m.•109 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5CVSS6.7AI score0.0357EPSS

CVE•added 2017/10/27 5:29 a.m.•109 views

CVE-2017-5089

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS

CVE•added 2017/10/27 5:29 a.m.•109 views

CVE-2017-5094

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

6.5CVSS6.4AI score0.00985EPSS

5.3CVSS6.1AI score0.01215EPSS

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8AI score0.02616EPSS

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.02343EPSS

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

5.4CVSS6.1AI score0.01416EPSS

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affect...

7.5CVSS6.1AI score0.00606EPSS

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS7.2AI score0.00789EPSS

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

CVE•added 2018/09/25 2:29 p.m.•109 views

CVE-2018-6031

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS6.7AI score0.01624EPSS

CVE•added 2018/09/25 2:29 p.m.•109 views

CVE-2018-6046

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

6.1CVSS5.8AI score0.00944EPSS

CVE•added 2019/01/09 7:29 p.m.•109 views

CVE-2018-6139

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

8.8CVSS6.5AI score0.01007EPSS

CVE•added 2011/02/18 8:0 p.m.•108 views

CVE-2010-4649

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

6.9CVSS6.6AI score0.00069EPSS

CVE•added 2016/01/12 7:59 p.m.•108 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

8.6CVSS7.9AI score0.05081EPSS

CVE•added 2015/08/12 2:59 p.m.•108 views

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3CVSS6.5AI score0.12372EPSS

CVE•added 2016/01/21 3:0 a.m.•108 views

CVE-2016-0505

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

6.8CVSS5AI score0.00709EPSS

CVE•added 2018/06/11 9:29 p.m.•108 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.02497EPSS

CVE•added 2018/06/11 9:29 p.m.•108 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00389EPSS

CVE•added 2018/05/09 3:29 p.m.•108 views

CVE-2018-1089

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, t...

7.5CVSS6.7AI score0.20194EPSS

7.4CVSS7.3AI score0.00217EPSS

CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

9.3CVSS6.5AI score0.01383EPSS

CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

8.8CVSS8AI score0.01655EPSS

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

6.5CVSS6.5AI score0.00963EPSS

CVE-2018-6163

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.2AI score0.00992EPSS

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.5AI score0.00963EPSS

CVE-2018-6167

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.