Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2017/10/27 5:29 a.m.75 views

CVE-2017-5073

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.5AI score0.00911EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.75 views

CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox

7.5CVSS7AI score0.0054EPSS
CVE
CVE
added 2018/08/29 1:29 p.m.75 views

CVE-2018-12827

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.9AI score0.26767EPSS
Web
CVE
CVE
added 2018/07/09 7:29 p.m.75 views

CVE-2018-4945

Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

8.8CVSS7.6AI score0.03172EPSS
CVE
CVE
added 2010/06/22 5:30 p.m.74 views

CVE-2010-1637

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

6.5CVSS5.9AI score0.00137EPSS
CVE
CVE
added 2012/06/17 3:41 a.m.74 views

CVE-2012-0037

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF documen...

6.5CVSS6.2AI score0.00534EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.74 views

CVE-2012-3963

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.4AI score0.02314EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.74 views

CVE-2012-4215

Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a de...

9.3CVSS9AI score0.04317EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.74 views

CVE-2012-5839

Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via un...

9.3CVSS9.1AI score0.05209EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.74 views

CVE-2012-5840

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial ...

9.3CVSS9.1AI score0.04317EPSS
CVE
CVE
added 2014/01/18 7:55 p.m.74 views

CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6AI score0.02998EPSS
CVE
CVE
added 2014/08/19 6:55 p.m.74 views

CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

4CVSS8.6AI score0.0219EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.74 views

CVE-2016-4151

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.04131EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.74 views

CVE-2016-7861

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.11156EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.74 views

CVE-2016-7863

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.73 views

CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

7.5CVSS9.9AI score0.25795EPSS
CVE
CVE
added 2010/11/06 12:0 a.m.73 views

CVE-2010-4203

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

10CVSS9.5AI score0.08115EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.73 views

CVE-2012-4179

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denia...

9.3CVSS9.4AI score0.05468EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.73 views

CVE-2012-4183

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of...

9.3CVSS9.4AI score0.02721EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.73 views

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS8.8AI score0.01307EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.73 views

CVE-2016-1695

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.01191EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.73 views

CVE-2016-4123

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.73 views

CVE-2016-4136

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.4017EPSS
Web
CVE
CVE
added 2016/06/16 2:59 p.m.73 views

CVE-2016-4142

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.73 views

CVE-2016-4148

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.73 views

CVE-2016-4156

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.06245EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.73 views

CVE-2017-5106

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.4AI score0.01156EPSS
CVE
CVE
added 2018/07/09 7:29 p.m.73 views

CVE-2018-5000

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

6.5CVSS6.8AI score0.01114EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.72 views

CVE-2012-0260

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

6.5CVSS6.7AI score0.01936EPSS
CVE
CVE
added 2014/12/18 3:59 p.m.72 views

CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5CVSS8.7AI score0.04433EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.72 views

CVE-2016-1687

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

6.5CVSS6.5AI score0.02058EPSS
CVE
CVE
added 2018/09/10 4:29 p.m.72 views

CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root ...

8.8CVSS7.5AI score0.00103EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.72 views

CVE-2016-7860

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.7AI score0.11156EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.72 views

CVE-2016-7864

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2018/07/31 7:29 p.m.72 views

CVE-2016-8626

A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

6.8CVSS6.2AI score0.02873EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.72 views

CVE-2017-5102

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

4.3CVSS4.8AI score0.01156EPSS
CVE
CVE
added 2018/07/20 7:29 p.m.72 views

CVE-2018-5008

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.4AI score0.06871EPSS
CVE
CVE
added 2009/10/23 6:30 p.m.71 views

CVE-2009-3616

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect int...

9.9CVSS9.7AI score0.00858EPSS
CVE
CVE
added 2013/02/27 12:55 a.m.71 views

CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SW...

9.3CVSS7.6AI score0.36303EPSS
In wild
CVE
CVE
added 2014/12/08 4:59 p.m.71 views

CVE-2014-9273

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

4.6CVSS7.1AI score0.00179EPSS
CVE
CVE
added 2020/01/14 6:15 p.m.71 views

CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

6.5CVSS6AI score0.00535EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.71 views

CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.1CVSS7.4AI score0.00086EPSS
CVE
CVE
added 2015/12/07 6:59 p.m.71 views

CVE-2015-5273

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.

3.6CVSS6.1AI score0.00334EPSS
CVE
CVE
added 2017/10/18 8:29 p.m.71 views

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8CVSS9AI score0.06044EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.71 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01034EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.71 views

CVE-2016-1686

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF docu...

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.71 views

CVE-2016-4146

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.71 views

CVE-2016-4154

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.04131EPSS
CVE
CVE
added 2016/11/08 5:59 p.m.71 views

CVE-2016-7862

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08079EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.71 views

CVE-2017-15425

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.0066EPSS
Total number of security vulnerabilities1890