Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2016/04/21 10:59 a.m.108 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.00273EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.108 views

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.20473EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.108 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS
CVE
CVE
added 2018/08/01 4:29 p.m.108 views

CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1...

7.5CVSS7.2AI score0.18297EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.108 views

CVE-2017-13084

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7AI score0.01244EPSS
CVE
CVE
added 2018/04/12 5:29 p.m.108 views

CVE-2018-1084

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

7.5CVSS7.5AI score0.008EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.108 views

CVE-2018-18345

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

6.5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.108 views

CVE-2018-6035

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

8.8CVSS5.7AI score0.01563EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.108 views

CVE-2018-6039

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

6.1CVSS5.8AI score0.00909EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.108 views

CVE-2018-6060

Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01583EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.108 views

CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00758EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.108 views

CVE-2018-6079

Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00698EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.108 views

CVE-2018-6135

Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS5.7AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.108 views

CVE-2018-6144

Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

8.8CVSS6AI score0.01655EPSS
CVE
CVE
added 2020/07/13 9:15 p.m.108 views

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the c...

8.8CVSS8.5AI score0.48812EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.107 views

CVE-2012-0572

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00713EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.107 views

CVE-2012-3972

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trig...

5CVSS8.8AI score0.04549EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.107 views

CVE-2013-0384

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

6.8CVSS4.3AI score0.01505EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.107 views

CVE-2013-0780

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a de...

9.3CVSS9.4AI score0.02146EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.107 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.107 views

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

4.3CVSS6.6AI score0.06332EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.107 views

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

4.3CVSS6.6AI score0.06332EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.107 views

CVE-2016-0609

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

1.7CVSS5.1AI score0.00876EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.107 views

CVE-2016-9635

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

9.8CVSS9.2AI score0.2046EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.107 views

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the...

7.8CVSS7.1AI score0.03662EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.107 views

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox

9.8CVSS7.6AI score0.00365EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.107 views

CVE-2018-5801

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

6.5CVSS7AI score0.01363EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.107 views

CVE-2018-6109

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.106 views

CVE-2012-3160

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

2.1CVSS4.1AI score0.00148EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.106 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.106 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of s...

9.8CVSS8.4AI score0.06412EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.106 views

CVE-2016-0606

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

3.5CVSS5AI score0.00202EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.106 views

CVE-2017-5061

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

5.3CVSS5.4AI score0.00465EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.106 views

CVE-2017-5451

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbi...

4.3CVSS5.7AI score0.00588EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.106 views

CVE-2017-5455

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox

7.5CVSS8.3AI score0.02784EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.106 views

CVE-2017-5467

A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8AI score0.01301EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.106 views

CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.5AI score0.0122EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.106 views

CVE-2018-6152

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HT...

9.6CVSS8.2AI score0.00916EPSS
CVE
CVE
added 2018/03/25 3:29 a.m.106 views

CVE-2018-8976

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

6.5CVSS6.1AI score0.00298EPSS
CVE
CVE
added 2019/06/12 4:29 p.m.106 views

CVE-2019-7845

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

8.8CVSS8.8AI score0.10976EPSS
CVE
CVE
added 2025/04/03 3:15 a.m.106 views

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

7CVSS7AI score0.00957EPSS
CVE
CVE
added 2007/05/09 12:19 a.m.105 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5CVSS7.6AI score0.05482EPSS
CVE
CVE
added 2009/11/20 5:30 p.m.105 views

CVE-2009-3080

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

7.2CVSS7AI score0.0007EPSS
Web
CVE
CVE
added 2011/02/18 8:0 p.m.105 views

CVE-2011-1044

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fil...

2.1CVSS5.4AI score0.00069EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.105 views

CVE-2012-3150

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00635EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.105 views

CVE-2013-0768

Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies inv...

9.3CVSS9.6AI score0.04815EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.105 views

CVE-2013-2378

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

6.5CVSS4.3AI score0.00473EPSS
CVE
CVE
added 2022/09/29 3:15 a.m.105 views

CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by rea...

5.5CVSS5.4AI score0.00043EPSS
CVE
CVE
added 2016/01/08 9:59 p.m.105 views

CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

9CVSS9.3AI score0.14731EPSS
CVE
CVE
added 2016/04/12 2:0 a.m.105 views

CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

8.4CVSS6.6AI score0.00058EPSS
Total number of security vulnerabilities1890