Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2011/04/10 2:51 a.m.100 views

CVE-2011-1163

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

2.1CVSS7.5AI score0.00108EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.100 views

CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) m...

9.3CVSS9.9AI score0.01248EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.100 views

CVE-2012-3961

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap me...

10CVSS9.4AI score0.02093EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.100 views

CVE-2012-3967

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remo...

9.3CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.100 views

CVE-2013-1531

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

6.5CVSS4.3AI score0.00473EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.100 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.100 views

CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

6.8CVSS7.8AI score0.01778EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.100 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

6.4CVSS7AI score0.01475EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.100 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8CVSS6.8AI score0.014EPSS
CVE
CVE
added 2015/12/17 7:59 p.m.100 views

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

7.5CVSS7.5AI score0.1692EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.100 views

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.3AI score0.00499EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.100 views

CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

5.5CVSS6.1AI score0.00246EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.100 views

CVE-2016-9634

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

9.8CVSS9.2AI score0.16094EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.100 views

CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.9AI score0.53947EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.100 views

CVE-2017-5053

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.

9.6CVSS8.8AI score0.01386EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.100 views

CVE-2017-5060

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00688EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.100 views

CVE-2017-5093

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

6.5CVSS6.3AI score0.01156EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.100 views

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Fi...

8.8CVSS8AI score0.01024EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.100 views

CVE-2018-6052

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.

4.3CVSS5.2AI score0.00838EPSS
CVE
CVE
added 2019/02/17 2:29 a.m.100 views

CVE-2019-8383

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...

7.8CVSS7.7AI score0.00179EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.99 views

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

4CVSS4.5AI score0.0071EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.99 views

CVE-2012-1688

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

4CVSS4.4AI score0.00607EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.99 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.99 views

CVE-2014-9658

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.99 views

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

7.8CVSS8.1AI score0.00129EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.99 views

CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.00401EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.99 views

CVE-2017-15415

Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.

6.5CVSS6.3AI score0.00729EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.99 views

CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

6.5CVSS5.5AI score0.00558EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.99 views

CVE-2017-5045

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.

6.1CVSS4.7AI score0.00854EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.99 views

CVE-2017-5056

A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.5AI score0.00911EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.99 views

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

7.5CVSS7.6AI score0.01484EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.99 views

CVE-2018-5802

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

8.8CVSS8.2AI score0.00691EPSS
CVE
CVE
added 2018/09/25 2:29 p.m.99 views

CVE-2018-6038

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS6.3AI score0.0103EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.99 views

CVE-2018-6117

Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00992EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.98 views

CVE-2012-1973

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial ...

10CVSS9.4AI score0.04246EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.98 views

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denia...

9.3CVSS9.9AI score0.01145EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.98 views

CVE-2013-2389

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2014/11/15 8:59 p.m.98 views

CVE-2014-4975

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

5CVSS5.4AI score0.02493EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.98 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

5.3CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.98 views

CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird

5.3CVSS6.1AI score0.01565EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.97 views

CVE-2012-3197

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS4.2AI score0.00594EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.97 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.97 views

CVE-2013-1521

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

6.5CVSS4.3AI score0.00465EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.97 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.06623EPSS
CVE
CVE
added 2016/05/25 3:59 p.m.97 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

6.5CVSS6.4AI score0.00064EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.97 views

CVE-2017-15411

Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.00936EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.97 views

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.01973EPSS
CVE
CVE
added 2017/07/25 2:29 p.m.97 views

CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

7.8CVSS7.2AI score0.00166EPSS
CVE
CVE
added 2018/11/29 8:29 p.m.97 views

CVE-2018-15981

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.4AI score0.30668EPSS
CVE
CVE
added 2018/01/12 12:29 a.m.97 views

CVE-2018-5345

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

7.8CVSS7.7AI score0.00752EPSS
Total number of security vulnerabilities1890