Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2017/04/24 11:59 p.m.90 views

CVE-2017-5040

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

4.3CVSS4.8AI score0.03922EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.90 views

CVE-2017-5087

A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

8.8CVSS8.4AI score0.00911EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.90 views

CVE-2018-5806

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

6.5CVSS7AI score0.00542EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.89 views

CVE-2012-3957

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.02961EPSS
CVE
CVE
added 2012/10/22 11:55 p.m.89 views

CVE-2012-4406

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

9.8CVSS9.4AI score0.07793EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.89 views

CVE-2013-0759

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in t...

5CVSS6.3AI score0.01368EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.89 views

CVE-2013-1532

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

4CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2018/03/12 2:29 a.m.89 views

CVE-2014-8130

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated ...

6.5CVSS7.2AI score0.02075EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.89 views

CVE-2014-9664

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

6.8CVSS7.9AI score0.0113EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.89 views

CVE-2014-9670

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first ...

4.3CVSS7.1AI score0.04289EPSS
CVE
CVE
added 2015/12/17 7:59 p.m.89 views

CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

7.2CVSS7.9AI score0.00091EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.89 views

CVE-2016-4137

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.4017EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.89 views

CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

9.8CVSS9.1AI score0.00593EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.89 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.89 views

CVE-2017-5044

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.6AI score0.01013EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.89 views

CVE-2017-5068

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

7.5CVSS7.1AI score0.00415EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.89 views

CVE-2018-6147

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

5.5CVSS5AI score0.00029EPSS
CVE
CVE
added 2019/05/22 7:29 p.m.89 views

CVE-2019-7837

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.01421EPSS
CVE
CVE
added 2009/11/16 7:30 p.m.88 views

CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

7.1CVSS6.4AI score0.00044EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.88 views

CVE-2013-0763

Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors r...

9.3CVSS9.3AI score0.01107EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.88 views

CVE-2013-1552

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS4.5AI score0.00473EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.88 views

CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerabilit...

10CVSS6.5AI score0.2861EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.88 views

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors...

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2017/12/09 6:29 a.m.88 views

CVE-2017-11225

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- poten...

10CVSS9.2AI score0.05822EPSS
CVE
CVE
added 2018/08/28 8:29 p.m.88 views

CVE-2017-15399

A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.9AI score0.30445EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.88 views

CVE-2017-15407

Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

8.8CVSS8.4AI score0.02028EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.88 views

CVE-2017-5111

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01484EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.88 views

CVE-2018-7726

An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.4AI score0.00348EPSS
CVE
CVE
added 2010/03/05 7:30 p.m.87 views

CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client ...

7.5CVSS7.4AI score0.09847EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.87 views

CVE-2012-3180

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00613EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.87 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.87 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
CVE
CVE
added 2013/04/17 5:55 p.m.87 views

CVE-2013-2375

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS4.5AI score0.00482EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.87 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.07656EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.87 views

CVE-2014-9667

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

6.8CVSS7.9AI score0.01712EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.87 views

CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

6.5CVSS6.7AI score0.10058EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.87 views

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

7.1CVSS6.8AI score0.00086EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.87 views

CVE-2017-15410

Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.00936EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.87 views

CVE-2017-5076

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/02/16 11:59 a.m.87 views

CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a fai...

5.5CVSS5.8AI score0.0028EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.87 views

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird

4.3CVSS5.5AI score0.00879EPSS
CVE
CVE
added 2018/09/27 8:29 p.m.87 views

CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tm...

5.9CVSS4.7AI score0.00044EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.87 views

CVE-2018-17472

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.

9.6CVSS8.3AI score0.00885EPSS
CVE
CVE
added 2007/12/18 1:46 a.m.86 views

CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

4.9CVSS7AI score0.00099EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.86 views

CVE-2012-3988

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen ...

9.3CVSS9.3AI score0.03584EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.86 views

CVE-2012-3994

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and ...

4.3CVSS8.2AI score0.00927EPSS
CVE
CVE
added 2013/04/17 12:19 p.m.86 views

CVE-2013-1555

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4CVSS4.3AI score0.00432EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.86 views

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.5CVSS7AI score0.01283EPSS
CVE
CVE
added 2018/07/27 8:29 p.m.86 views

CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

7.2CVSS6.9AI score0.00034EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.86 views

CVE-2017-15424

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.0066EPSS
Total number of security vulnerabilities1890