Red Hat Enterprise Linux for Scientific Computing

71 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-0409
all versions
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u
7.8HIGH
CVE-2024-0408
all versions
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe
5.5MEDIUM
CVE-2023-5455
all versions
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows
6.5MEDIUM
CVE-2023-5869
all versions
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks
8.8HIGH
CVE-2023-3972
all versions
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of
7.8HIGH
CVE-2023-5367
all versions
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset
7.8HIGH
CVE-2023-3899
all versions
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu
7.8HIGH
CVE-2023-0494
all versions
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by
7.8HIGH
CVE-2019-8720
all versions
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitr
8.8HIGH
CVE-2022-4254
all versions
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
8.8HIGH
CVE-2022-0330
all versions
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicio
7.8HIGH
CVE-2021-3656
all versions
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual
8.8HIGH
CVE-2021-44142
all versions
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients
8.8HIGH
CVE-2021-4091
all versions
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a
7.5HIGH
CVE-2020-25719
all versions
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The S
7.2HIGH
CVE-2020-25717
all versions
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl
8.1HIGH
CVE-2016-2124
all versions
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw
5.9MEDIUM
CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8HIGH
CVE-2021-40438
all versions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue a
9.0CRITICAL
CVE-2019-13763
all versions
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised t
4.3MEDIUM
CVE-2019-13762
all versions
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof d
3.3LOW
CVE-2019-13761
all versions
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via I
4.3MEDIUM
CVE-2019-13759
all versions
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing
4.3MEDIUM
CVE-2019-13758
all versions
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypas
4.3MEDIUM
CVE-2019-13757
all versions
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via I
4.3MEDIUM
CVE-2019-13756
all versions
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via
4.3MEDIUM
CVE-2019-13755
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensio
4.3MEDIUM
CVE-2019-13754
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigatio
4.3MEDIUM
CVE-2019-13753
all versions
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5MEDIUM
CVE-2019-13752
all versions
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5MEDIUM
CVE-2019-13751
all versions
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5MEDIUM
CVE-2019-13750
all versions
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth
6.5MEDIUM
CVE-2019-13749
all versions
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of
6.5MEDIUM
CVE-2019-13748
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain poten
6.5MEDIUM
CVE-2019-13747
all versions
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit
8.8HIGH
CVE-2019-13746
all versions
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents
6.5MEDIUM
CVE-2019-13744
all versions
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin d
6.5MEDIUM
CVE-2019-13743
all versions
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof secu
6.5MEDIUM
CVE-2019-13742
all versions
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of
6.5MEDIUM
CVE-2019-13741
all versions
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same
8.8HIGH
CVE-2019-13740
all versions
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a
6.5MEDIUM
CVE-2019-13739
all versions
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoo
6.5MEDIUM
CVE-2019-13738
all versions
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isol
6.5MEDIUM
CVE-2019-13737
all versions
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potenti
6.5MEDIUM
CVE-2019-13736
all versions
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption
8.8HIGH
CVE-2019-13735
all versions
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code insid
8.8HIGH
CVE-2019-13732
all versions
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption
8.8HIGH
CVE-2019-13730
all versions
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8HIGH
CVE-2019-13729
all versions
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8HIGH
CVE-2019-13728
all versions
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap cor
8.8HIGH
CVE-2019-13727
all versions
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same orig
8.8HIGH
CVE-2019-13726
all versions
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via
8.8HIGH
CVE-2019-13725
all versions
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a craft
8.8HIGH
CVE-2019-6470
all versions
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There
6.5MEDIUM
CVE-2019-11043
all versions
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possibl
8.7HIGH
CVE-2019-7317
all versions
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_saf
5.3MEDIUM
CVE-2018-16881
all versions
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to
7.5HIGH
CVE-2018-16866
all versions
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A loca
3.3LOW
CVE-2017-15129
all versions
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_ne
4.7MEDIUM
CVE-2017-12615
all versions
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation paramet
8.1HIGH
CVE-2015-3405
all versions
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big end
7.5HIGH
CVE-2016-9675
all versions
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the applicat
7.8HIGH
CVE-2016-5009
all versions
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation
6.5MEDIUM
CVE-2016-2818
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow r
8.8HIGH
CVE-2015-4902
all versions
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors
5.3MEDIUM
CVE-2015-3214
all versions
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths a
CVE-2015-5165
all versions
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote at
CVE-2014-7169
all versions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8CRITICAL
CVE-2014-6271
all versions
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8CRITICAL
CVE-2013-1675
all versions
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do
6.5MEDIUM
CVE-2012-1717
all versions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 an
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin