Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2013/01/17 1:55 a.m.109 views

CVE-2012-0572

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00713EPSS
CVE
CVE
added 2018/08/01 4:29 p.m.109 views

CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1...

7.5CVSS7.2AI score0.18297EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.109 views

CVE-2016-9635

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

9.8CVSS9.2AI score0.16094EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.109 views

CVE-2017-13084

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7AI score0.01244EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.109 views

CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.5AI score0.0122EPSS
CVE
CVE
added 2018/12/11 4:29 p.m.109 views

CVE-2018-18345

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

6.5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.109 views

CVE-2018-6060

Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01583EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.109 views

CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00758EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.109 views

CVE-2018-6079

Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00698EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.109 views

CVE-2018-6144

Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

8.8CVSS6AI score0.01655EPSS
CVE
CVE
added 2020/07/13 10:15 p.m.109 views

CVE-2020-14300

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in t...

8.8CVSS7.1AI score0.00388EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.108 views

CVE-2012-3160

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

2.1CVSS4.1AI score0.00144EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.108 views

CVE-2013-2378

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

6.5CVSS4.3AI score0.00473EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.108 views

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the...

7.8CVSS7.1AI score0.03662EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.108 views

CVE-2017-5061

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

5.3CVSS5.4AI score0.00465EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.108 views

CVE-2018-5801

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

6.5CVSS7AI score0.01337EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.108 views

CVE-2018-6047

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.

4.3CVSS4.8AI score0.00838EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.108 views

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.2AI score0.01391EPSS
CVE
CVE
added 2018/03/25 3:29 a.m.108 views

CVE-2018-8976

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

6.5CVSS6.1AI score0.00298EPSS
CVE
CVE
added 2007/05/09 12:19 a.m.107 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5CVSS7.6AI score0.05482EPSS
CVE
CVE
added 2009/11/20 5:30 p.m.107 views

CVE-2009-3080

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

7.2CVSS7AI score0.0007EPSS
CVE
CVE
added 2011/02/18 8:0 p.m.107 views

CVE-2011-1044

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fil...

2.1CVSS5.4AI score0.00069EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.107 views

CVE-2012-3150

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00635EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.107 views

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

5.8CVSS8.8AI score0.01287EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.107 views

CVE-2014-2432

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

2.8CVSS4.2AI score0.01404EPSS
CVE
CVE
added 2015/01/21 7:59 p.m.107 views

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

4CVSS6.1AI score0.00482EPSS
CVE
CVE
added 2022/09/29 3:15 a.m.107 views

CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by rea...

5.5CVSS5.4AI score0.00043EPSS
CVE
CVE
added 2016/01/08 9:59 p.m.107 views

CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

9CVSS9.3AI score0.14185EPSS
CVE
CVE
added 2016/04/12 2:0 a.m.107 views

CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

8.4CVSS6.6AI score0.00058EPSS
CVE
CVE
added 2018/08/28 8:29 p.m.107 views

CVE-2017-15429

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1CVSS6.2AI score0.00728EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.107 views

CVE-2018-6054

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS6.7AI score0.01442EPSS
CVE
CVE
added 2019/06/12 4:29 p.m.107 views

CVE-2019-7845

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

8.8CVSS8.8AI score0.10976EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.106 views

CVE-2012-1690

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

4CVSS4.3AI score0.00938EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.106 views

CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5CVSS8.4AI score0.02089EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.106 views

CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

6.5CVSS6.5AI score0.02481EPSS
CVE
CVE
added 2017/09/14 6:29 a.m.106 views

CVE-2017-12896

The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().

9.8CVSS9.3AI score0.0206EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.106 views

CVE-2018-6070

Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

6.1CVSS6.4AI score0.00388EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.106 views

CVE-2018-6152

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HT...

9.6CVSS8.2AI score0.00898EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.106 views

CVE-2018-6169

Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.

6.5CVSS6.4AI score0.0082EPSS
CVE
CVE
added 2021/03/18 7:15 p.m.106 views

CVE-2019-14850

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resourc...

3.7CVSS3.8AI score0.00395EPSS
CVE
CVE
added 2007/12/04 12:46 a.m.105 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2012/07/17 10:55 p.m.105 views

CVE-2012-1689

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00555EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.105 views

CVE-2012-3167

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

3.5CVSS4.2AI score0.00536EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.105 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.105 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.105 views

CVE-2013-0767

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary cod...

10CVSS9.5AI score0.01907EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.105 views

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

1.9CVSS5.6AI score0.00051EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.105 views

CVE-2017-5071

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.3AI score0.00782EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.105 views

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thund...

9.8CVSS8.1AI score0.01973EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.105 views

CVE-2018-6033

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

8.8CVSS6.4AI score0.01563EPSS
Total number of security vulnerabilities1890