Lucene search

K
RedhatEnterprise Linux Server

1890 matches found

CVE
CVE
added 2019/12/18 6:15 p.m.258 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.40339EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.258 views

CVE-2020-6393

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01447EPSS
CVE
CVE
added 2014/03/21 2:55 p.m.257 views

CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

4.3CVSS7AI score0.04144EPSS
Web
CVE
CVE
added 2018/02/18 4:29 a.m.257 views

CVE-2018-7208

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a ...

7.8CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.257 views

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS5AI score0.00654EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.256 views

CVE-2018-2940

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via m...

4.3CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.256 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabili...

8.8CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.255 views

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solut...

7.8CVSS7.8AI score0.40514EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.255 views

CVE-2017-13082

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

8.1CVSS7.7AI score0.00581EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.255 views

CVE-2019-5754

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

6.5CVSS6.1AI score0.00124EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.255 views

CVE-2020-6390

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.03893EPSS
CVE
CVE
added 2007/03/30 12:19 a.m.254 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

5CVSS7.2AI score0.10289EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.254 views

CVE-2018-18498

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.4AI score0.02064EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.254 views

CVE-2019-13743

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.3AI score0.01851EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.254 views

CVE-2019-17022

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the...

6.1CVSS6.8AI score0.02471EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.253 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00414EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.253 views

CVE-2016-2109

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

7.8CVSS8AI score0.57624EPSS
CVE
CVE
added 2017/01/19 8:59 p.m.253 views

CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

8.8CVSS8.5AI score0.00036EPSS
CVE
CVE
added 2018/07/26 6:29 p.m.253 views

CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

5.5CVSS6AI score0.00074EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.253 views

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 a...

8.8CVSS9.2AI score0.01777EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.253 views

CVE-2020-6396

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.7AI score0.01371EPSS
CVE
CVE
added 2008/01/25 1:0 a.m.252 views

CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response...

2.6CVSS7.2AI score0.05994EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.252 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.02778EPSS
CVE
CVE
added 2018/03/22 9:29 p.m.252 views

CVE-2018-8945

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

5.5CVSS5.9AI score0.0017EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.252 views

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.0241EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.252 views

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00282EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.252 views

CVE-2019-8814

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary c...

9.3CVSS8.6AI score0.00704EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.251 views

CVE-2019-13756

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.01851EPSS
CVE
CVE
added 2018/07/28 11:29 p.m.250 views

CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

6.5CVSS7.1AI score0.00906EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.250 views

CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01911EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.250 views

CVE-2019-13749

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.250 views

CVE-2019-5769

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2015/06/09 6:59 p.m.249 views

CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

7.5CVSS7.6AI score0.09628EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.249 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderb...

6.5CVSS7AI score0.00904EPSS
CVE
CVE
added 2018/01/26 7:29 p.m.249 views

CVE-2018-5750

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

5.5CVSS5.5AI score0.00041EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.249 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00877EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.249 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

6.5CVSS5.9AI score0.00493EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.248 views

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...

4.7CVSS4.9AI score0.00045EPSS
CVE
CVE
added 2018/07/17 5:29 p.m.248 views

CVE-2018-14362

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

9.8CVSS9.1AI score0.02828EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.248 views

CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.248 views

CVE-2019-8544

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01683EPSS
CVE
CVE
added 2018/09/04 4:29 p.m.247 views

CVE-2018-10929

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

8.8CVSS8.6AI score0.0086EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.247 views

CVE-2019-13757

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.1AI score0.01851EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.246 views

CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

7.5CVSS7.6AI score0.64185EPSS
CVE
CVE
added 2019/08/02 1:15 p.m.246 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local at...

7.8CVSS7.4AI score0.00025EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.246 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

9.8CVSS8.1AI score0.06662EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.246 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.246 views

CVE-2020-6394

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.01055EPSS
CVE
CVE
added 2018/08/28 7:29 p.m.245 views

CVE-2017-15422

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS7AI score0.01421EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.245 views

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.6AI score0.074EPSS
Total number of security vulnerabilities1890