Lucene search

K
RedhatEnterprise Linux Server

296 matches found

CVE
CVE
added 2019/01/03 3:29 p.m.256 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.256 views

CVE-2019-5770

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS5.8AI score0.01129EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.256 views

CVE-2019-5777

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.254 views

CVE-2019-13723

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.04727EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.254 views

CVE-2019-5756

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS6.9AI score0.02538EPSS
CVE
CVE
added 2019/01/29 12:29 a.m.254 views

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-o...

5.5CVSS6.9AI score0.00136EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.252 views

CVE-2019-13764

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.40709EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.251 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.40339EPSS
CVE
CVE
added 2019/01/14 7:29 p.m.250 views

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a rem...

8.1CVSS7.9AI score0.0138EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.250 views

CVE-2019-5755

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

8.1CVSS5.9AI score0.00877EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.250 views

CVE-2019-5776

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/10/24 10:15 p.m.249 views

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

7.5CVSS7.3AI score0.04061EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.248 views

CVE-2019-13743

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.3AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.248 views

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS5AI score0.00654EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.247 views

CVE-2019-5754

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

6.5CVSS6.1AI score0.00124EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.246 views

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.0241EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.246 views

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00282EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.245 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8CVSS7.1AI score0.32159EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.245 views

CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01911EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.245 views

CVE-2019-13756

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.01851EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.244 views

CVE-2019-13749

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.243 views

CVE-2019-8814

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary c...

9.3CVSS8.6AI score0.00704EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.242 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabili...

8.8CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.242 views

CVE-2019-8544

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01683EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.241 views

CVE-2019-13757

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.1AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.241 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00877EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.241 views

CVE-2019-5769

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.241 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

6.5CVSS5.9AI score0.00493EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.240 views

CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.239 views

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.6AI score0.074EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.238 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2019/01/12 2:29 a.m.237 views

CVE-2018-20699

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

4.9CVSS5AI score0.00129EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.02375EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.02356EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.02568EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.0234EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.235 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

9.8CVSS8.1AI score0.06662EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.235 views

CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.234 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.03064EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13732

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03525EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13763

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

4.3CVSS4.7AI score0.02019EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.234 views

CVE-2019-5768

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.234 views

CVE-2019-8676

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.03566EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.233 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local at...

7.8CVSS7.4AI score0.00025EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.233 views

CVE-2019-8689

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.29403EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13729

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03545EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13739

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.4AI score0.01851EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13748

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6AI score0.00846EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.231 views

CVE-2019-13741

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.

8.8CVSS7.8AI score0.01702EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.231 views

CVE-2019-13742

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS6.2AI score0.0234EPSS
Total number of security vulnerabilities296