Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2016/04/21 10:59 a.m.113 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.00273EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.113 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.113 views

CVE-2016-9636

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buff...

9.8CVSS9.2AI score0.1664EPSS
CVE
CVE
added 2017/09/14 6:29 a.m.113 views

CVE-2017-12902

The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

9.8CVSS9.3AI score0.0206EPSS
CVE
CVE
added 2017/09/14 6:29 a.m.113 views

CVE-2017-12987

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

9.8CVSS9.3AI score0.0206EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.113 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.01973EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-17470

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

7.4CVSS8.1AI score0.01742EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.113 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

7.5CVSS7.2AI score0.00789EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.113 views

CVE-2018-6032

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

6.5CVSS5.7AI score0.00797EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6110

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

5.8CVSS6AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

9.3CVSS6.5AI score0.01383EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.112 views

CVE-2012-3982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application cr...

9.3CVSS9.8AI score0.01275EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.112 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

4.3CVSS9AI score0.01538EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.112 views

CVE-2014-2436

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

6.5CVSS3.9AI score0.00825EPSS
CVE
CVE
added 2015/04/08 6:59 p.m.112 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

4CVSS7.7AI score0.00773EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.112 views

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

4.3CVSS6.6AI score0.0563EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.112 views

CVE-2016-0609

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

1.7CVSS5.1AI score0.00876EPSS
CVE
CVE
added 2017/07/17 5:29 p.m.112 views

CVE-2017-10978

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

7.5CVSS8.4AI score0.03305EPSS
CVE
CVE
added 2018/08/20 9:29 p.m.112 views

CVE-2018-1517

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.

7.5CVSS6.3AI score0.00588EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.112 views

CVE-2018-5170

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

4.3CVSS6.1AI score0.0117EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.112 views

CVE-2018-6051

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

4.3CVSS4.7AI score0.0057EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.112 views

CVE-2018-6064

Type Confusion in the implementation of defineGetter in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.21649EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.112 views

CVE-2018-6158

A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.6AI score0.01375EPSS
CVE
CVE
added 2012/07/17 10:55 p.m.111 views

CVE-2012-0540

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

4CVSS4.5AI score0.00555EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.111 views

CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by tri...

10CVSS9.6AI score0.10378EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.111 views

CVE-2014-2419

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

4CVSS3.9AI score0.01361EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.111 views

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

3.5CVSS5.9AI score0.00237EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.111 views

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

4.3CVSS6.6AI score0.0563EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.111 views

CVE-2015-4864

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

3.5CVSS4.7AI score0.00347EPSS
CVE
CVE
added 2018/08/01 1:29 p.m.111 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS
CVE
CVE
added 2018/04/12 5:29 p.m.111 views

CVE-2018-1084

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

7.5CVSS7.5AI score0.008EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.111 views

CVE-2018-16088

A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.

6.5CVSS6.7AI score0.00429EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.111 views

CVE-2018-6035

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

8.8CVSS5.7AI score0.01563EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.111 views

CVE-2018-6039

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

6.1CVSS5.8AI score0.00909EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.111 views

CVE-2018-6109

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.110 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via v...

4.3CVSS8.2AI score0.01138EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.110 views

CVE-2012-4181

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial...

9.3CVSS9.4AI score0.03145EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.110 views

CVE-2013-0384

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

6.8CVSS4.3AI score0.01505EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.110 views

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3CVSS9.1AI score0.00245EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.110 views

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8CVSS9.6AI score0.02874EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.110 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

7.5CVSS8.3AI score0.00501EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.110 views

CVE-2016-0606

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

3.5CVSS5AI score0.00202EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.110 views

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.20473EPSS
CVE
CVE
added 2017/12/09 6:29 a.m.110 views

CVE-2017-11213

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized tr...

10CVSS9.3AI score0.11384EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-16066

A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.3AI score0.01496EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-16067

A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.3AI score0.0138EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-6135

Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS5.7AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-6170

A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.3AI score0.01655EPSS
CVE
CVE
added 2020/07/13 9:15 p.m.110 views

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the c...

8.8CVSS8.5AI score0.48812EPSS
CVE
CVE
added 2011/05/09 7:55 p.m.109 views

CVE-2011-1745

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

6.9CVSS6.3AI score0.00043EPSS
Total number of security vulnerabilities1890