Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2014/07/20 11:12 a.m.92 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.92 views

CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.92 views

CVE-2014-9671

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

4.3CVSS7AI score0.02723EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.92 views

CVE-2017-15420

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS5.5AI score0.00909EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.92 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

9.8CVSS9.5AI score0.01003EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.92 views

CVE-2017-5040

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

4.3CVSS4.8AI score0.03922EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.92 views

CVE-2017-7000

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8.5AI score0.00615EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.92 views

CVE-2018-5806

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

6.5CVSS7AI score0.00532EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.92 views

CVE-2018-7725

An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

6.5CVSS5.5AI score0.00348EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.91 views

CVE-2012-3957

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.02961EPSS
CVE
CVE
added 2012/10/22 11:55 p.m.91 views

CVE-2012-4406

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

9.8CVSS9.4AI score0.07793EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.91 views

CVE-2013-0759

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in t...

5CVSS6.3AI score0.01368EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.91 views

CVE-2013-1532

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

4CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.91 views

CVE-2013-1552

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS4.5AI score0.00473EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.91 views

CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerabilit...

10CVSS6.5AI score0.2861EPSS
CVE
CVE
added 2014/08/14 5:1 a.m.91 views

CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via net...

7.6CVSS7.8AI score0.07384EPSS
CVE
CVE
added 2015/03/18 4:59 p.m.91 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home direct...

4.4CVSS6.3AI score0.0011EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.91 views

CVE-2015-1212

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.0062EPSS
CVE
CVE
added 2015/12/17 7:59 p.m.91 views

CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

7.2CVSS7.9AI score0.00091EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.91 views

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

10CVSS9.1AI score0.65184EPSS
Web
CVE
CVE
added 2016/09/21 2:25 p.m.91 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS
CVE
CVE
added 2017/10/05 9:29 p.m.91 views

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checko...

9.8CVSS9.6AI score0.06022EPSS
Web
CVE
CVE
added 2018/08/28 8:29 p.m.91 views

CVE-2017-15399

A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.9AI score0.30445EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.91 views

CVE-2017-5044

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.6AI score0.01013EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5083

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

4.3CVSS4.9AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5087

A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

8.8CVSS8.4AI score0.00911EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.90 views

CVE-2013-2375

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS4.5AI score0.00482EPSS
CVE
CVE
added 2018/03/12 2:29 a.m.90 views

CVE-2014-8130

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated ...

6.5CVSS7.2AI score0.02075EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.90 views

CVE-2014-9664

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

6.8CVSS7.9AI score0.0113EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.90 views

CVE-2014-9670

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first ...

4.3CVSS7.1AI score0.04289EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.90 views

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors...

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.90 views

CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

9.8CVSS9.1AI score0.00593EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.90 views

CVE-2017-5111

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01484EPSS
CVE
CVE
added 2017/02/16 11:59 a.m.90 views

CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a fai...

5.5CVSS5.8AI score0.0028EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.90 views

CVE-2018-6147

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

5.5CVSS5AI score0.00029EPSS
CVE
CVE
added 2019/05/22 7:29 p.m.90 views

CVE-2019-7837

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.01421EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.89 views

CVE-2012-3180

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00613EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.89 views

CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

6.5CVSS6.7AI score0.10058EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.89 views

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

7.1CVSS6.8AI score0.00073EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.89 views

CVE-2016-4137

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.4017EPSS
Web
CVE
CVE
added 2018/08/28 7:29 p.m.89 views

CVE-2017-15407

Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

8.8CVSS8.4AI score0.02028EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.89 views

CVE-2017-5068

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

7.5CVSS7.1AI score0.00415EPSS
CVE
CVE
added 2018/09/27 8:29 p.m.89 views

CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tm...

5.9CVSS4.7AI score0.00044EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.89 views

CVE-2018-6113

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.2AI score0.00963EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.89 views

CVE-2018-7726

An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.4AI score0.00348EPSS
CVE
CVE
added 2007/12/18 1:46 a.m.88 views

CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

4.9CVSS7AI score0.00099EPSS
CVE
CVE
added 2010/11/17 1:0 a.m.88 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.01623EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.88 views

CVE-2011-2834

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

6.8CVSS8.2AI score0.03748EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.88 views

CVE-2013-0763

Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors r...

9.3CVSS9.3AI score0.01107EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.88 views

CVE-2013-1555

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4CVSS4.3AI score0.00432EPSS
Total number of security vulnerabilities1890