Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2013/12/11 3:55 p.m.94 views

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3CVSS9.1AI score0.00245EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.93 views

CVE-2013-1521

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

6.5CVSS4.3AI score0.00465EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.93 views

CVE-2013-1544

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

4CVSS4.3AI score0.00562EPSS
CVE
CVE
added 2020/02/11 4:15 p.m.93 views

CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

8.8CVSS8.4AI score0.0038EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.93 views

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8CVSS9.6AI score0.02874EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.93 views

CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn...

10CVSS6.3AI score0.14276EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.93 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

7.5CVSS8.3AI score0.00501EPSS
CVE
CVE
added 2014/12/12 3:59 p.m.93 views

CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

7.5CVSS7.1AI score0.02455EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.93 views

CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

7.5CVSS7.8AI score0.0356EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.93 views

CVE-2014-9673

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

6.8CVSS7.9AI score0.02702EPSS
CVE
CVE
added 2015/09/08 3:59 p.m.93 views

CVE-2015-3247

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.

6.9CVSS7.9AI score0.00771EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.93 views

CVE-2017-5046

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.

4.3CVSS4.5AI score0.01156EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.93 views

CVE-2017-5108

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

8.8CVSS7.8AI score0.00839EPSS
CVE
CVE
added 2018/11/29 8:29 p.m.93 views

CVE-2018-15981

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.4AI score0.31047EPSS
CVE
CVE
added 2018/02/06 9:29 p.m.93 views

CVE-2018-4877

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

10CVSS9.5AI score0.05038EPSS
CVE
CVE
added 2012/07/17 10:55 p.m.92 views

CVE-2012-1734

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.3AI score0.00887EPSS
CVE
CVE
added 2012/08/06 6:55 p.m.92 views

CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag with...

7.5CVSS6.9AI score0.04781EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.92 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via v...

4.3CVSS8.2AI score0.01138EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.92 views

CVE-2012-4181

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial...

9.3CVSS9.4AI score0.03145EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.92 views

CVE-2013-2391

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

3CVSS4.2AI score0.00154EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.92 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

3.5CVSS3.9AI score0.01187EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.92 views

CVE-2014-9663

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap ...

7.5CVSS7.8AI score0.01898EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.92 views

CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

5CVSS7.5AI score0.0141EPSS
CVE
CVE
added 2018/08/20 9:29 p.m.92 views

CVE-2015-5160

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.92 views

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.92 views

CVE-2017-5054

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

8.8CVSS8AI score0.00543EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.92 views

CVE-2017-7000

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8.5AI score0.00615EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.92 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird

8.8CVSS8.2AI score0.01352EPSS
CVE
CVE
added 2011/03/15 5:55 p.m.91 views

CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid point...

5.7CVSS6.2AI score0.00442EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.91 views

CVE-2012-1975

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service ...

10CVSS9.4AI score0.03305EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.91 views

CVE-2013-2392

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.91 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.91 views

CVE-2014-9671

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

4.3CVSS7AI score0.02723EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.91 views

CVE-2015-1212

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.0062EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.91 views

CVE-2016-1691

Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.

7.5CVSS8.2AI score0.01396EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.91 views

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

10CVSS9.1AI score0.65184EPSS
CVE
CVE
added 2017/10/05 9:29 p.m.91 views

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checko...

9.8CVSS9.6AI score0.06022EPSS
Web
CVE
CVE
added 2018/08/28 7:29 p.m.91 views

CVE-2017-15420

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS5.5AI score0.00909EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.91 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

9.8CVSS9.5AI score0.01003EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.91 views

CVE-2017-5037

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

7.8CVSS7.6AI score0.00279EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5083

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

4.3CVSS4.9AI score0.00709EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.91 views

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.

6.5CVSS6.3AI score0.00963EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.91 views

CVE-2018-7725

An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

6.5CVSS5.5AI score0.00348EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.90 views

CVE-2012-1974

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of s...

10CVSS9.4AI score0.03305EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.90 views

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

5.8CVSS8.8AI score0.01287EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.90 views

CVE-2013-0782

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified ...

9.3CVSS9.8AI score0.02889EPSS
CVE
CVE
added 2014/08/14 5:1 a.m.90 views

CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via net...

7.6CVSS7.8AI score0.07384EPSS
CVE
CVE
added 2015/03/18 4:59 p.m.90 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home direct...

4.4CVSS6.3AI score0.0011EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.90 views

CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVE
added 2015/07/02 9:59 p.m.90 views

CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

7.5CVSS4.5AI score0.02501EPSS
Total number of security vulnerabilities1890