Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatEnterprise Linux Workstation

1845 matches found

CVE
CVEadded 2019/01/09 7:29 p.m.130 views

CVE-2018-6056

Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.07292EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.130 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00992EPSS
CVE
CVEadded 2012/06/16 9:55 p.m.129 views

CVE-2012-1717

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

2.1CVSS7.6AI score0.00155EPSS
CVE
CVEadded 2016/10/25 2:29 p.m.129 views

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

6.8CVSS5.5AI score0.02079EPSS
CVE
CVEadded 2017/04/14 6:59 p.m.129 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

7.5CVSS7.3AI score0.02102EPSS
CVE
CVEadded 2017/12/07 2:29 a.m.129 views

CVE-2017-15121

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

5.5CVSS6.1AI score0.00069EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.29631EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-5434

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-5441

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

9.1CVSS7.9AI score0.17854EPSS
Web
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.10902EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and ...

5.3CVSS6.5AI score0.01355EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thu...

10CVSS8.9AI score0.02508EPSS
CVE
CVEadded 2017/06/22 9:29 p.m.129 views

CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

6.5CVSS6.7AI score0.00782EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.129 views

CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird

6.5CVSS7.2AI score0.00466EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.129 views

CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.02538EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2018-5183

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR

9.8CVSS7.2AI score0.03792EPSS
CVE
CVEadded 2010/12/23 6:0 p.m.128 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

2.1CVSS5.8AI score0.00073EPSS
CVE
CVEadded 2014/01/15 4:8 p.m.128 views

CVE-2014-0393

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

3.3CVSS7.5AI score0.00449EPSS
CVE
CVEadded 2014/03/19 10:55 a.m.128 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS
CVE
CVEadded 2016/10/25 2:31 p.m.128 views

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

6.5CVSS5.5AI score0.01195EPSS
CVE
CVEadded 2017/08/08 3:29 p.m.128 views

CVE-2017-10111

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to com...

9.6CVSS9AI score0.0126EPSS
CVE
CVEadded 2018/04/23 6:29 p.m.128 views

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

9.8CVSS9.5AI score0.01177EPSS
CVE
CVEadded 2019/01/09 7:29 p.m.128 views

CVE-2018-16076

Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8.2AI score0.00607EPSS
CVE
CVEadded 2018/12/11 4:29 p.m.128 views

CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

8.8CVSS7.8AI score0.01655EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firef...

8.6CVSS9.2AI score0.02394EPSS
CVE
CVEadded 2015/03/02 11:59 a.m.127 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVEadded 2016/05/05 6:59 p.m.127 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1CVSS6.2AI score0.24199EPSS
CVE
CVEadded 2018/07/27 9:29 p.m.127 views

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

7.5CVSS7.7AI score0.03467EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2016-9897

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

7.5CVSS8.1AI score0.04954EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-5405

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.4AI score0.02668EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and F...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-7784

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.06834EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

8.1CVSS7.8AI score0.0082EPSS
CVE
CVEadded 2018/11/14 3:29 p.m.127 views

CVE-2018-17467

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00963EPSS
CVE
CVEadded 2014/08/14 5:1 a.m.126 views

CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain poin...

7.8CVSS6.3AI score0.06988EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.126 views

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7CVSS4.8AI score0.00965EPSS
CVE
CVEadded 2016/06/05 11:59 p.m.126 views

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript ...

8.8CVSS8.2AI score0.01354EPSS
Web
CVE
CVEadded 2018/06/11 9:29 p.m.126 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information dis...

6.5CVSS6.7AI score0.0102EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.126 views

CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02485EPSS
CVE
CVEadded 2018/11/14 3:29 p.m.126 views

CVE-2018-17471

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

4.3CVSS5.1AI score0.00888EPSS
CVE
CVEadded 2018/12/11 4:29 p.m.126 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

6.5CVSS6.3AI score0.00763EPSS
CVE
CVEadded 2018/12/11 4:29 p.m.126 views

CVE-2018-18355

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

4.3CVSS4.8AI score0.00963EPSS
CVE
CVEadded 2018/11/14 3:29 p.m.126 views

CVE-2018-6080

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

6.5CVSS6.5AI score0.00792EPSS
Web
CVE
CVEadded 2018/02/23 5:29 p.m.126 views

CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

7.8CVSS6.5AI score0.00038EPSS
CVE
CVEadded 2009/11/04 3:30 p.m.125 views

CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

7CVSS6.8AI score0.05095EPSS
CVE
CVEadded 2014/01/15 4:8 p.m.125 views

CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5CVSS7.6AI score0.00461EPSS
CVE
CVEadded 2016/01/21 3:1 a.m.125 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

7.2CVSS5.8AI score0.00197EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.125 views

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.125 views

CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird

4.3CVSS6AI score0.00438EPSS
Total number of security vulnerabilities1845