Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2013/10/16 5:55 p.m.88 views

CVE-2013-5829

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than ...

10CVSS6.5AI score0.20978EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.88 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.06268EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.88 views

CVE-2014-9667

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

6.8CVSS7.9AI score0.01712EPSS
CVE
CVE
added 2017/12/09 6:29 a.m.88 views

CVE-2017-11225

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- poten...

10CVSS9.2AI score0.05822EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.88 views

CVE-2017-15410

Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.00936EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.88 views

CVE-2017-5035

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

8.1CVSS7.7AI score0.00435EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.88 views

CVE-2017-5043

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

8.8CVSS8.2AI score0.01098EPSS
CVE
CVE
added 2010/03/05 7:30 p.m.87 views

CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client ...

7.5CVSS7.4AI score0.09847EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.87 views

CVE-2016-1681

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

8.8CVSS8.9AI score0.0128EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.87 views

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.5CVSS7AI score0.01283EPSS
CVE
CVE
added 2018/07/27 8:29 p.m.87 views

CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

7.2CVSS6.9AI score0.00034EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.87 views

CVE-2017-15424

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.0066EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.87 views

CVE-2017-5038

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

6.8CVSS6.7AI score0.00942EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.87 views

CVE-2017-5076

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.87 views

CVE-2017-5101

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS
CVE
CVE
added 2017/11/21 5:29 p.m.87 views

CVE-2017-7550

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in t...

9.8CVSS8.9AI score0.00498EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.87 views

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird

4.3CVSS5.5AI score0.00879EPSS
CVE
CVE
added 2018/08/29 1:29 p.m.87 views

CVE-2018-12824

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

5.9CVSS6.8AI score0.01288EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.87 views

CVE-2018-17472

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.

9.6CVSS8.3AI score0.00885EPSS
CVE
CVE
added 2016/04/15 2:59 p.m.86 views

CVE-2010-5325

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

9.8CVSS9AI score0.05963EPSS
CVE
CVE
added 2011/07/28 10:55 p.m.86 views

CVE-2011-2689

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little ...

4.9CVSS6AI score0.00096EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.86 views

CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecifie...

9.3CVSS9.6AI score0.09485EPSS
CVE
CVE
added 2017/10/18 8:29 p.m.86 views

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

9.8CVSS9AI score0.10892EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.86 views

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController...

8.1CVSS7.2AI score0.01931EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.86 views

CVE-2016-7163

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

7.8CVSS8AI score0.00337EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.86 views

CVE-2016-7865

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.11156EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.86 views

CVE-2017-5065

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

4.7CVSS5.3AI score0.00709EPSS
CVE
CVE
added 2017/02/16 11:59 a.m.86 views

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVE
added 2018/03/06 5:29 p.m.86 views

CVE-2018-7727

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

6.5CVSS4.7AI score0.00094EPSS
CVE
CVE
added 2019/07/30 2:15 p.m.86 views

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the mod...

7.4CVSS8.2AI score0.01505EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.85 views

CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS7.1AI score0.01327EPSS
CVE
CVE
added 2014/12/16 11:59 p.m.85 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.85 views

CVE-2016-4149

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02953EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.85 views

CVE-2017-15413

Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00916EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.85 views

CVE-2017-5095

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

8.8CVSS8.4AI score0.01587EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.85 views

CVE-2017-5098

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.1AI score0.03366EPSS
CVE
CVE
added 2022/09/01 9:15 p.m.85 views

CVE-2022-2738

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution ...

7.5CVSS7.6AI score0.03032EPSS
CVE
CVE
added 2008/08/08 6:41 p.m.84 views

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obt...

2.1CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2008/08/27 8:41 p.m.84 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.84 views

CVE-2016-1696

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00981EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.84 views

CVE-2016-7859

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2017/12/09 6:29 a.m.84 views

CVE-2017-11215

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code ...

10CVSS9.2AI score0.05822EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.84 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

6.5CVSS6.3AI score0.00748EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.84 views

CVE-2017-15423

Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

5.3CVSS5.7AI score0.00599EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.84 views

CVE-2017-5077

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS
CVE
CVE
added 2017/08/22 6:29 p.m.84 views

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

8.8CVSS7.6AI score0.01645EPSS
CVE
CVE
added 2017/02/16 11:59 a.m.84 views

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

5.5CVSS5.7AI score0.00354EPSS
CVE
CVE
added 2018/07/26 1:29 p.m.84 views

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

7.5CVSS7.3AI score0.00079EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.83 views

CVE-2009-1837

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for me...

9.3CVSS7.9AI score0.02184EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.83 views

CVE-2012-3968

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a frag...

10CVSS9.2AI score0.01852EPSS
Total number of security vulnerabilities1890