Lucene search

K
RedhatEnterprise Linux Server

296 matches found

CVE
CVE
added 2019/02/28 6:29 p.m.174 views

CVE-2018-12390

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

9.8CVSS8.3AI score0.06392EPSS
CVE
CVE
added 2019/02/12 11:29 p.m.173 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.163 views

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

4.3CVSS4.9AI score0.01851EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.162 views

CVE-2018-12389

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 6...

8.8CVSS8.4AI score0.01167EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.162 views

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2019/02/03 3:29 a.m.161 views

CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocair...

7.8CVSS8AI score0.00267EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.158 views

CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS
CVE
CVE
added 2019/01/01 4:29 p.m.156 views

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5CVSS6.5AI score0.00561EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.150 views

CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable...

7.5CVSS7.4AI score0.03889EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.146 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond t...

7.5CVSS6.2AI score0.23134EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.146 views

CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

7.5CVSS6.7AI score0.2582EPSS
CVE
CVE
added 2019/04/23 4:29 p.m.145 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.139 views

CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9....

7.5CVSS7.1AI score0.34706EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.139 views

CVE-2019-2449

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks requ...

3.1CVSS4.3AI score0.03459EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.137 views

CVE-2018-12396

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox...

6.5CVSS7.2AI score0.0073EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.134 views

CVE-2018-6124

Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.02059EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.132 views

CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8CVSS8.8AI score0.24544EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.131 views

CVE-2018-6120

An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS8.7AI score0.02538EPSS
CVE
CVE
added 2019/01/03 4:29 p.m.130 views

CVE-2018-16885

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory ad...

5.5CVSS6.1AI score0.00044EPSS
CVE
CVE
added 2019/10/14 8:15 p.m.129 views

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks ...

7.4CVSS7AI score0.00287EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.128 views

CVE-2019-2996

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

4.2CVSS4.5AI score0.0332EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.127 views

CVE-2018-12397

A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vul...

7.1CVSS6.8AI score0.00073EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.126 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00992EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.125 views

CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.02538EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.124 views

CVE-2018-12395

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

7.5CVSS7AI score0.01888EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.124 views

CVE-2018-16076

Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8.2AI score0.00607EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.121 views

CVE-2018-6056

Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.07292EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.120 views

CVE-2018-6141

Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS5.9AI score0.01225EPSS
CVE
CVE
added 2019/03/26 6:29 p.m.120 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.7AI score0.03208EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-16079

A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

5.3CVSS5.5AI score0.0028EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6172

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.117 views

CVE-2018-6179

Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

6.5CVSS6.4AI score0.00563EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.116 views

CVE-2018-6166

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.114 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.114 views

CVE-2018-16078

Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.4AI score0.00472EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-16068

Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.4AI score0.01655EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6096

A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

6.5CVSS6.3AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6123

A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.5AI score0.01976EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6133

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS5.8AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.113 views

CVE-2018-6143

Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS5.9AI score0.01107EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.112 views

CVE-2018-16082

An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

6.5CVSS6.8AI score0.0051EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.112 views

CVE-2018-17459

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00269EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.112 views

CVE-2018-6093

Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00992EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.112 views

CVE-2018-6112

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.01257EPSS
CVE
CVE
added 2019/04/19 2:29 p.m.112 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

7.5CVSS7.6AI score0.01619EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.111 views

CVE-2018-6173

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.5AI score0.00963EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.24544EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-6091

Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.3AI score0.00992EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-6114

Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.4AI score0.00662EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.110 views

CVE-2018-6127

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS6.2AI score0.01655EPSS
Total number of security vulnerabilities296