Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2018/08/28 7:29 p.m.71 views

CVE-2017-15426

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.0066EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.71 views

CVE-2018-6100

Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.4AI score0.00963EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.70 views

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the thro...

5CVSS6AI score0.00704EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.70 views

CVE-2015-1231

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.6AI score0.01158EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

7.5CVSS8.1AI score0.01479EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1694

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

5.3CVSS6AI score0.00713EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1701

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

8.8CVSS8.1AI score0.01479EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.70 views

CVE-2016-4129

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.70 views

CVE-2016-4132

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2014/11/13 9:32 p.m.69 views

CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing r...

5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.69 views

CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01778EPSS
CVE
CVE
added 2017/07/25 6:29 p.m.69 views

CVE-2015-3149

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

5.5CVSS5.2AI score0.00067EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1685

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.69 views

CVE-2016-3099

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

7.5CVSS5.3AI score0.0028EPSS
CVE
CVE
added 2016/07/12 7:59 p.m.69 views

CVE-2016-5009

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

6.5CVSS6.1AI score0.0174EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.69 views

CVE-2016-7050

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

9.8CVSS9.5AI score0.01081EPSS
CVE
CVE
added 2018/07/27 6:29 p.m.69 views

CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service ...

8.1CVSS7.7AI score0.00177EPSS
CVE
CVE
added 2018/05/19 5:29 p.m.69 views

CVE-2018-4944

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

10CVSS9.5AI score0.24908EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.68 views

CVE-2004-0643

Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

4.6CVSS9.3AI score0.00132EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.68 views

CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attack...

4.3CVSS9.1AI score0.01102EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.68 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier ...

4.3CVSS8.2AI score0.00962EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.68 views

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats cer...

6.4CVSS8.8AI score0.00964EPSS
CVE
CVE
added 2016/12/14 10:59 p.m.68 views

CVE-2014-8241

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

9.8CVSS9AI score0.0454EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.68 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.0142EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.68 views

CVE-2016-4140

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.68 views

CVE-2016-4145

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.68 views

CVE-2016-5416

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

7.5CVSS8.2AI score0.00296EPSS
CVE
CVE
added 2018/07/27 8:29 p.m.68 views

CVE-2017-15101

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

9.8CVSS8AI score0.00316EPSS
CVE
CVE
added 2012/11/11 1:0 p.m.67 views

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

6.8CVSS8.7AI score0.2646EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.67 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.67 views

CVE-2016-4124

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.67 views

CVE-2016-4128

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.67 views

CVE-2016-4130

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.67 views

CVE-2016-4143

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.8AI score0.03697EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.67 views

CVE-2016-4144

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2017/06/08 7:29 p.m.67 views

CVE-2016-4992

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.

7.5CVSS8.3AI score0.00331EPSS
CVE
CVE
added 2018/08/29 1:29 p.m.67 views

CVE-2018-12825

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.

9.8CVSS9.2AI score0.14984EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.66 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS
Web
CVE
CVE
added 2012/06/05 10:55 p.m.66 views

CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

6.5CVSS6.7AI score0.01412EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.66 views

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5CVSS6AI score0.00317EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.66 views

CVE-2016-4122

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.66 views

CVE-2016-4127

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.02182EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.66 views

CVE-2016-4155

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.04131EPSS
CVE
CVE
added 2016/10/13 7:59 p.m.66 views

CVE-2016-4286

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

9.3CVSS8.4AI score0.02415EPSS
CVE
CVE
added 2017/04/11 6:59 p.m.66 views

CVE-2016-4445

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

7CVSS6.8AI score0.0007EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.66 views

CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

7.8CVSS7.8AI score0.0013EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.65 views

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same O...

6.8CVSS9AI score0.01406EPSS
CVE
CVE
added 2016/06/16 2:59 p.m.65 views

CVE-2016-4133

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS
CVE
CVE
added 2016/08/10 2:59 p.m.65 views

CVE-2016-5408

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-201...

9.8CVSS8.9AI score0.05371EPSS
CVE
CVE
added 2018/09/25 1:29 p.m.65 views

CVE-2018-15967

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.4AI score0.02782EPSS
Total number of security vulnerabilities1890