Product
redhat enterprise linux server eus
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-3659
all versions
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user
5.5
MEDIUM
CVE-2021-3744
all versions
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allo
5.5
MEDIUM
CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8
HIGH
CVE-2021-20233
all versions
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on
8.2
HIGH
CVE-2021-20225
all versions
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocate
6.7
MEDIUM
CVE-2020-27779
all versions
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing a privileged
7.5
HIGH
CVE-2020-27749
all versions
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their c
6.7
MEDIUM
CVE-2020-25647
all versions
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bound
7.6
HIGH
CVE-2020-25632
all versions
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependenc
8.2
HIGH
CVE-2020-14372
all versions
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot i
7.5
HIGH
CVE-2012-4512
all versions
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) an
8.8
HIGH
CVE-2014-8141
all versions
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbit
7.8
HIGH
CVE-2014-8140
all versions
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbi
7.8
HIGH
CVE-2014-8139
all versions
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrar
7.8
HIGH
CVE-2015-3147
all versions
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allo
6.5
MEDIUM
CVE-2014-7844
all versions
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
7.8
HIGH
CVE-2019-5544
all versions
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu
9.8
CRITICAL
CVE-2019-10216
all versions
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to by
7.8
HIGH
CVE-2018-12207
all versions
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut
6.5
MEDIUM
CVE-2019-0155
all versions
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM)
7.8
HIGH
CVE-2017-5333
all versions
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local
7.8
HIGH
CVE-2017-5332
all versions
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows
7.8
HIGH
CVE-2019-14813
all versions
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p
9.8
CRITICAL
CVE-2019-1125
all versions
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacke
5.6
MEDIUM
CVE-2019-10171
all versions
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5
7.5
HIGH
CVE-2019-10168
all versions
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.
7.8
HIGH
CVE-2019-10167
all versions
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" a
7.8
HIGH
CVE-2019-10166
all versions
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the vir
7.8
HIGH
CVE-2019-10182
all versions
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attack
8.2
HIGH
CVE-2018-16871
all versions
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is a
7.5
HIGH
CVE-2017-3139
all versions
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named
7.5
HIGH
CVE-2019-3878
all versions
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is con
8.1
HIGH
CVE-2019-3857
all versions
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHAN
8.8
HIGH
CVE-2019-3856
all versions
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard p
8.8
HIGH
CVE-2019-3838
all versions
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially
5.5
MEDIUM
CVE-2019-3835
all versions
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted
5.5
MEDIUM
CVE-2019-3863
all versions
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard
7.5
HIGH
CVE-2019-9948
all versions
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protecti
9.1
CRITICAL
CVE-2019-3855
all versions
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are
8.8
HIGH
CVE-2019-7221
all versions
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
HIGH
CVE-2019-6454
all versions
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len
5.5
MEDIUM
CVE-2019-6116
all versions
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote cod
7.8
HIGH
CVE-2019-3816
all versions
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openws
7.5
HIGH
CVE-2019-9636
all versions
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc)
9.8
CRITICAL
CVE-2018-18498
all versions
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is
9.8
CRITICAL
CVE-2018-18494
all versions
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause
6.5
MEDIUM
CVE-2018-18493
all versions
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due
9.8
CRITICAL
CVE-2018-18492
all versions
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the o
9.8
CRITICAL
CVE-2018-12405
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bug
9.8
CRITICAL
CVE-2018-12397
all versions
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for
7.1
HIGH
CVE-2018-12396
all versions
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This all
6.5
MEDIUM
CVE-2018-12395
all versions
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fron
7.5
HIGH
CVE-2018-12393
all versions
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF
7.5
HIGH
CVE-2018-12392
all versions
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exp
9.8
CRITICAL
CVE-2018-12390
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bug
9.8
CRITICAL
CVE-2018-12389
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed eviden
8.8
HIGH
CVE-2019-6974
all versions
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race
8.1
HIGH
CVE-2019-8308
all versions
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to
8.2
HIGH
CVE-2018-18506
all versions
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded loca
5.9
MEDIUM
CVE-2018-18505
all versions
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee
10.0
CRITICAL
CVE-2018-18501
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bug
9.8
CRITICAL
CVE-2018-18500
all versions
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the s
9.8
CRITICAL
CVE-2019-3813
all versions
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This
7.5
HIGH
CVE-2019-3815
all versions
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_re
3.3
LOW
CVE-2018-5740
all versions
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding
7.5
HIGH
CVE-2018-5733
all versions
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually ov
7.5
HIGH
CVE-2017-3145
all versions
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free
7.5
HIGH
CVE-2017-3144
all versions
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket d
7.5
HIGH
CVE-2017-3143
all versions
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
7.5
HIGH
CVE-2017-3142
all versions
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
5.3
MEDIUM
CVE-2017-3137
all versions
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records
7.5
HIGH
CVE-2017-3136
all versions
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. A
5.9
MEDIUM
CVE-2017-3135
all versions
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent sta
7.5
HIGH
CVE-2019-2422
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java
3.1
LOW
CVE-2018-16865
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16864
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2019-6133
all versions
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore
6.7
MEDIUM
CVE-2018-19134
all versions
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScri
7.8
HIGH
CVE-2018-15127
all versions
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of fil
9.8
CRITICAL
CVE-2018-18397
all versions
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as dem
5.5
MEDIUM
CVE-2018-18356
all versions
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote atta
8.8
HIGH
CVE-2018-9568
all versions
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of pr
7.8
HIGH
CVE-2018-16863
all versions
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw
7.3
HIGH
CVE-2018-8786
all versions
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_re
9.8
CRITICAL
CVE-2018-14646
all versions
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() functi
5.5
MEDIUM
CVE-2018-19477
all versions
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2
7.8
HIGH
CVE-2018-19476
all versions
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolor
7.8
HIGH
CVE-2018-19475
all versions
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available
7.8
HIGH
CVE-2018-19409
all versions
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
9.8
CRITICAL
CVE-2018-5407
all versions
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a sid
4.7
MEDIUM
CVE-2018-17466
all versions
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds m
8.8
HIGH
CVE-2018-19115
all versions
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified o
9.8
CRITICAL
CVE-2016-2125
all versions
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authenticati
6.5
MEDIUM
CVE-2018-15688
all versions
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd
8.8
HIGH
CVE-2018-14665
all versions
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when startin
6.6
MEDIUM
CVE-2018-18559
all versions
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind o
8.1
HIGH
CVE-2018-18284
all versions
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy o
8.6
HIGH
CVE-2018-5188
all versions
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corru
9.8
CRITICAL
CVE-2018-5156
all versions
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This ca
9.8
CRITICAL
CVE-2018-12387
all versions
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack p
9.1
CRITICAL
CVE-2018-12386
all versions
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This le
8.1
HIGH
CVE-2018-12385
all versions
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the us
7.0
HIGH
CVE-2018-12383
all versions
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still
5.5
MEDIUM
CVE-2018-12379
all versions
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered
7.8
HIGH
CVE-2018-12378
all versions
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providin
9.8
CRITICAL
CVE-2018-12377
all versions
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the t
9.8
CRITICAL
CVE-2018-12376
all versions
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we pres
9.8
CRITICAL
CVE-2018-12366
all versions
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value
6.5
MEDIUM
CVE-2018-12365
all versions
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without us
6.5
MEDIUM
CVE-2018-12364
all versions
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that do
8.8
HIGH
CVE-2018-12363
all versions
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the ol
8.8
HIGH
CVE-2018-12362
all versions
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resu
8.8
HIGH
CVE-2018-12360
all versions
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that
8.8
HIGH
CVE-2018-12359
all versions
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically,
8.8
HIGH
CVE-2018-18445
all versions
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF ver
7.8
HIGH
CVE-2018-3214
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that
5.3
MEDIUM
CVE-2018-3183
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions
9.0
CRITICAL
CVE-2018-3180
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that
5.6
MEDIUM
CVE-2018-3169
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3
HIGH
CVE-2018-3149
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3
HIGH
CVE-2018-3139
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
3.1
LOW
CVE-2018-3136
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4
LOW
CVE-2018-18073
all versions
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the sa
6.3
MEDIUM
CVE-2018-17961
all versions
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler
8.6
HIGH
CVE-2018-1000805
all versions
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server
8.8
HIGH
CVE-2018-17456
all versions
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.
9.8
CRITICAL
CVE-2018-11784
all versions
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to
4.3
MEDIUM
CVE-2018-17972
all versions
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure t
5.5
MEDIUM
CVE-2018-14650
all versions
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files create
5.9
MEDIUM
CVE-2018-14634
all versions
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to S
7.8
HIGH
CVE-2018-17183
all versions
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to sup
7.8
HIGH
CVE-2018-11781
all versions
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
7.8
HIGH
CVE-2018-14638
all versions
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persi
7.5
HIGH
CVE-2018-16802
all versions
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stac
7.8
HIGH
CVE-2016-7035
all versions
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an
8.8
HIGH
CVE-2018-5391
all versions
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targetin
7.5
HIGH
CVE-2018-14624
all versions
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log
7.5
HIGH
CVE-2018-16542
all versions
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-siz
5.5
MEDIUM
CVE-2018-16541
all versions
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice
5.5
MEDIUM
CVE-2018-16540
all versions
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a u
7.8
HIGH
CVE-2018-16539
all versions
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp
5.5
MEDIUM
CVE-2018-16511
all versions
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to
7.8
HIGH
CVE-2018-16509
all versions
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /inva
7.8
HIGH
CVE-2018-14622
all versions
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not
7.5
HIGH
CVE-2018-15911
all versions
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access i
7.8
HIGH
CVE-2018-15910
all versions
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistil
7.8
HIGH
CVE-2018-15909
all versions
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supp
7.8
HIGH
CVE-2018-15908
all versions
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restric
7.8
HIGH
CVE-2015-5160
all versions
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local
5.5
MEDIUM
CVE-2018-10873
all versions
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked suff
8.3
HIGH
CVE-2018-10915
all versions
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state
8.5
HIGH
CVE-2018-5390
all versions
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for ev
7.5
HIGH
CVE-2016-9583
all versions
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafte
5.5
MEDIUM
CVE-2016-8654
all versions
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jas
7.8
HIGH
CVE-2016-8635
all versions
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. A
5.3
MEDIUM
CVE-2016-9573
all versions
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000
6.5
MEDIUM
CVE-2017-7518
all versions
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS durin
5.5
MEDIUM
CVE-2016-9603
all versions
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue c
5.5
MEDIUM
CVE-2016-9578
all versions
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE
7.5
HIGH
CVE-2017-15101
all versions
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacke
7.8
HIGH
CVE-2017-15097
all versions
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres
6.5
MEDIUM
CVE-2016-9577
all versions
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send cra
7.5
HIGH
CVE-2017-2633
all versions
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could oc
5.4
MEDIUM
CVE-2017-2626
all versions
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this fla
5.2
MEDIUM
CVE-2017-2620
all versions
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access iss
5.5
MEDIUM
CVE-2017-2618
all versions
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (nu
5.5
MEDIUM
CVE-2017-2616
all versions
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authentica
5.5
MEDIUM
CVE-2017-2640
all versions
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could poten
7.5
HIGH
CVE-2017-2625
all versions
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xd
6.5
MEDIUM
CVE-2017-2590
all versions
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's pe
8.1
HIGH
CVE-2017-12173
all versions
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local c
4.3
MEDIUM
CVE-2017-12151
all versions
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol s
7.4
HIGH
CVE-2017-18344
all versions
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate
5.5
MEDIUM
CVE-2018-14362
all versions
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe
9.8
CRITICAL
CVE-2018-14357
all versions
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary c
9.8
CRITICAL
CVE-2018-14354
all versions
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary c
9.8
CRITICAL
CVE-2018-3693
all versions
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6
MEDIUM
CVE-2017-2615
all versions
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It coul
5.5
MEDIUM
CVE-2018-10850
all versions
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search,
5.9
MEDIUM
CVE-2018-5185
all versions
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 5
6.5
MEDIUM
CVE-2018-5184
all versions
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 5
7.5
HIGH
CVE-2018-5183
all versions
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including inval
9.8
CRITICAL
CVE-2018-5178
all versions
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This
8.1
HIGH
CVE-2018-5170
all versions
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening
4.3
MEDIUM
CVE-2018-5168
all versions
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme
5.3
MEDIUM
CVE-2018-5162
all versions
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbir
7.5
HIGH
CVE-2018-5161
all versions
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird E
4.3
MEDIUM
CVE-2018-5159
all versions
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting
9.8
CRITICAL
CVE-2018-5158
all versions
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected throug
8.8
HIGH
CVE-2018-5157
all versions
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer.
7.5
HIGH
CVE-2018-5155
all versions
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potential
9.8
CRITICAL
CVE-2018-5154
all versions
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a pot
9.8
CRITICAL
CVE-2018-5150
all versions
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memo
9.8
CRITICAL
CVE-2018-5148
all versions
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead o
9.8
CRITICAL
CVE-2018-5146
all versions
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affe
8.8
HIGH
CVE-2018-5145
all versions
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with eno
9.8
CRITICAL
CVE-2018-5144
all versions
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This
7.3
HIGH
CVE-2018-5131
all versions
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "
5.9
MEDIUM
CVE-2018-5130
all versions
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable cr
8.8
HIGH
CVE-2018-5129
all versions
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can
8.6
HIGH
CVE-2018-5127
all versions
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploita
8.8
HIGH
CVE-2018-5117
all versions
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this
5.3
MEDIUM
CVE-2018-5104
all versions
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in
9.8
CRITICAL
CVE-2018-5103
all versions
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a po
9.8
CRITICAL
CVE-2018-5102
all versions
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially expl
9.8
CRITICAL
CVE-2018-5099
all versions
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previo
9.8
CRITICAL
CVE-2018-5098
all versions
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This r
9.8
CRITICAL
CVE-2018-5097
all versions
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated
9.8
CRITICAL
CVE-2018-5096
all versions
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable c
9.8
CRITICAL
CVE-2018-5095
all versions
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB
9.8
CRITICAL
CVE-2018-5091
all versions
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potent
9.8
CRITICAL
CVE-2017-7848
all versions
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbi
5.3
MEDIUM
CVE-2017-7846
all versions
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article -
8.8
HIGH
CVE-2017-7843
all versions
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user u
7.5
HIGH
CVE-2017-7830
all versions
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could
6.5
MEDIUM
CVE-2017-7828
all versions
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while st
9.8
CRITICAL
CVE-2017-7826
all versions
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and w
9.8
CRITICAL
CVE-2017-7823
all versions
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if
5.4
MEDIUM
CVE-2017-7819
all versions
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing h
9.8
CRITICAL
CVE-2017-7818
all versions
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within
9.8
CRITICAL
CVE-2017-7814
all versions
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware
7.8
HIGH
CVE-2017-7810
all versions
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and w
9.8
CRITICAL
CVE-2017-7809
all versions
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to
9.8
CRITICAL
CVE-2017-7807
all versions
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This
8.1
HIGH
CVE-2017-7803
all versions
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in t
7.5
HIGH
CVE-2017-7802
all versions
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements
9.8
CRITICAL
CVE-2017-7801
all versions
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the update
9.8
CRITICAL
CVE-2017-7800
all versions
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection op
9.8
CRITICAL
CVE-2017-7798
all versions
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. I
8.8
HIGH
CVE-2017-7793
all versions
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, re
9.8
CRITICAL
CVE-2017-7792
all versions
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object
9.8
CRITICAL
CVE-2017-7791
all versions
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains fo
5.3
MEDIUM
CVE-2017-7787
all versions
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access
7.5
HIGH
CVE-2017-7786
all versions
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially
9.8
CRITICAL
CVE-2017-7785
all versions
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results
9.8
CRITICAL
CVE-2017-7784
all versions
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been fr
9.8
CRITICAL
CVE-2017-7779
all versions
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memo
9.8
CRITICAL
CVE-2017-7758
all versions
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder
9.1
CRITICAL
CVE-2017-7754
all versions
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects F
7.5
HIGH
CVE-2017-7753
all versions
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vul
9.1
CRITICAL
CVE-2017-7752
all versions
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how e
8.8
HIGH
CVE-2017-7751
all versions
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability a
9.8
CRITICAL
CVE-2017-7750
all versions
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if th
9.8
CRITICAL
CVE-2017-7749
all versions
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially explo
9.8
CRITICAL
CVE-2017-5472
all versions
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to us
9.8
CRITICAL
CVE-2017-5470
all versions
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and w
9.8
CRITICAL
CVE-2017-5469
all versions
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderb
9.8
CRITICAL
CVE-2017-5466
all versions
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a relo
6.1
MEDIUM
CVE-2017-5465
all versions
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inacc
9.1
CRITICAL
CVE-2017-5464
all versions
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree
9.8
CRITICAL
CVE-2017-5460
all versions
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user
9.8
CRITICAL
CVE-2017-5459
all versions
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Th
9.8
CRITICAL
CVE-2017-5456
all versions
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC messa
9.8
CRITICAL
CVE-2017-5455
all versions
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combine
7.5
HIGH
CVE-2017-5454
all versions
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those se
7.5
HIGH
CVE-2017-5451
all versions
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used
4.3
MEDIUM
CVE-2017-5449
all versions
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations
7.5
HIGH
CVE-2017-5448
all versions
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code
8.6
HIGH
CVE-2017-5447
all versions
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash an
9.1
CRITICAL
CVE-2017-5446
all versions
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a pote
9.8
CRITICAL
CVE-2017-5445
all versions
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an arra
7.5
HIGH
CVE-2017-5444
all versions
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly f
7.5
HIGH
CVE-2017-5443
all versions
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbi
9.8
CRITICAL
CVE-2017-5442
all versions
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable c
9.8
CRITICAL
CVE-2017-5441
all versions
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. Thi
9.8
CRITICAL
CVE-2017-5440
all versions
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluat
9.8
CRITICAL
CVE-2017-5439
all versions
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially e
9.8
CRITICAL
CVE-2017-5438
all versions
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. Thi
9.8
CRITICAL
CVE-2017-5436
all versions
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially
8.8
HIGH
CVE-2017-5435
all versions
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in
9.8
CRITICAL
CVE-2017-5433
all versions
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from
9.8
CRITICAL
CVE-2017-5432
all versions
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulne
9.8
CRITICAL
CVE-2017-5428
all versions
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the
9.8
CRITICAL
CVE-2017-5410
all versions
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how increment
9.8
CRITICAL
CVE-2017-5408
all versions
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use,
5.3
MEDIUM
CVE-2017-5407
all versions
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values
6.5
MEDIUM
CVE-2017-5405
all versions
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerab
5.3
MEDIUM
CVE-2017-5404
all versions
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node
9.8
CRITICAL
CVE-2017-5402
all versions
A use-after-free can occur when events are fired for a "FontFace" object after the object has already been destroyed while wo
9.8
CRITICAL
CVE-2017-5401
all versions
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting cras
9.8
CRITICAL
CVE-2017-5400
all versions
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory
9.8
CRITICAL
CVE-2017-5398
all versions
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that
9.8
CRITICAL
CVE-2017-5396
all versions
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media eleme
9.8
CRITICAL
CVE-2017-5390
all versions
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTT
9.8
CRITICAL
CVE-2017-5386
all versions
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to p
7.3
HIGH
CVE-2017-5383
all versions
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for d
5.3
MEDIUM
CVE-2017-5380
all versions
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird <
9.8
CRITICAL
CVE-2017-5378
all versions
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be disc
7.5
HIGH
CVE-2017-5376
all versions
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Fi
9.8
CRITICAL
CVE-2016-9902
all versions
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming
7.5
HIGH
CVE-2016-9900
all versions
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" UR
7.5
HIGH
CVE-2016-9899
all versions
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vuln
9.8
CRITICAL
CVE-2016-9898
all versions
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects
9.8
CRITICAL
CVE-2016-9895
all versions
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScrip
6.1
MEDIUM
CVE-2016-9893
all versions
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that
9.8
CRITICAL
CVE-2016-9079
all versions
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in
7.5
HIGH
CVE-2018-12020
all versions
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote
7.5
HIGH
CVE-2018-11235
all versions
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code exec
7.8
HIGH
CVE-2018-1000199
all versions
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash a
5.5
MEDIUM
CVE-2018-1087
all versions
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a f
8.0
HIGH
CVE-2018-10675
all versions
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service
7.8
HIGH
CVE-2017-2885
all versions
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can ca
9.8
CRITICAL
CVE-2018-1106
all versions
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to ins
5.5
MEDIUM
CVE-2017-17833
all versions
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a de
9.8
CRITICAL
CVE-2018-2815
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3
MEDIUM
CVE-2018-2814
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3
HIGH
CVE-2018-2813
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.3
MEDIUM
CVE-2018-2800
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Ja
4.2
MEDIUM
CVE-2018-2799
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that
5.3
MEDIUM
CVE-2018-2798
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that a
5.3
MEDIUM
CVE-2018-2797
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that a
5.3
MEDIUM
CVE-2018-2796
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported version
5.3
MEDIUM
CVE-2018-2795
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
5.3
MEDIUM
CVE-2018-2794
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected a
7.7
HIGH
CVE-2018-2790
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1
LOW
CVE-2018-10194
all versions
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not
7.8
HIGH
CVE-2018-1086
all versions
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not
4.3
MEDIUM
CVE-2018-1000156
all versions
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM in
7.8
HIGH
CVE-2018-7566
all versions
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a loca
7.8
HIGH
CVE-2018-1000140
all versions
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a pe
9.8
CRITICAL
CVE-2018-1068
all versions
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user
6.7
MEDIUM
CVE-2018-7750
all versions
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.
9.8
CRITICAL
CVE-2018-7858
all versions
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to ca
5.5
MEDIUM
CVE-2016-9600
all versions
JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image file
6.5
MEDIUM
CVE-2014-8130
all versions
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a deni
6.5
MEDIUM
CVE-2014-8129
all versions
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact
8.8
HIGH
CVE-2016-9591
all versions
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a
5.5
MEDIUM
CVE-2018-7550
all versions
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary c
8.8
HIGH
CVE-2018-7225
all versions
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.l
9.8
CRITICAL
CVE-2018-5379
all versions
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, contai
7.5
HIGH
CVE-2018-1049
all versions
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may n
5.9
MEDIUM
CVE-2018-6927
all versions
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service
7.8
HIGH
CVE-2018-6871
all versions
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document,
9.8
CRITICAL
CVE-2018-6574
all versions
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during
7.8
HIGH
CVE-2018-6560
all versions
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can
8.8
HIGH
CVE-2018-1000001
all versions
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destinat
7.8
HIGH
CVE-2018-5750
all versions
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive
5.5
MEDIUM
CVE-2018-5748
all versions
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
7.5
HIGH
CVE-2018-1000007
all versions
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its
9.8
CRITICAL
CVE-2018-5683
all versions
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEM
6.0
MEDIUM
CVE-2018-5950
all versions
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web sc
6.1
MEDIUM
CVE-2018-2678
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
4.3
MEDIUM
CVE-2018-2677
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affect
4.3
MEDIUM
CVE-2018-2663
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
4.3
MEDIUM
CVE-2018-2657
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affec
5.3
MEDIUM
CVE-2018-2641
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affect
6.1
MEDIUM
CVE-2018-2637
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that a
7.4
HIGH
CVE-2018-2634
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affec
6.8
MEDIUM
CVE-2018-2633
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3
HIGH
CVE-2018-2629
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that
5.3
MEDIUM
CVE-2018-2618
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
5.9
MEDIUM
CVE-2018-2603
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
5.3
MEDIUM
CVE-2018-2602
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affec
4.5
MEDIUM
CVE-2018-2599
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
4.8
MEDIUM
CVE-2018-2588
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that
4.3
MEDIUM
CVE-2018-2582
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
6.5
MEDIUM
CVE-2018-2579
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
3.7
LOW
CVE-2018-5345
all versions
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potenti
7.8
HIGH
CVE-2017-17405
all versions
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile
8.8
HIGH
CVE-2017-1000407
all versions
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be tr
7.4
HIGH
CVE-2017-1000410
all versions
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - Conf
7.5
HIGH
CVE-2017-15121
all versions
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a f
5.5
MEDIUM
CVE-2017-3157
all versions
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows read
5.5
MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5
HIGH
CVE-2015-7529
all versions
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink atta
7.8
HIGH
CVE-2015-5740
all versions
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attacker
9.8
CRITICAL
CVE-2015-5739
all versions
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote a
9.8
CRITICAL
CVE-2017-0903
all versions
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization
9.8
CRITICAL
CVE-2017-1000116
all versions
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
9.8
CRITICAL
CVE-2017-1000115
all versions
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside th
7.5
HIGH
CVE-2017-1000111
all versions
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both
7.8
HIGH
CVE-2017-1000251
all versions
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1
8.0
HIGH
CVE-2017-1000083
all versions
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arb
7.8
HIGH
CVE-2017-0902
all versions
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGe
8.1
HIGH
CVE-2017-0901
all versions
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overw
7.5
HIGH
CVE-2017-0900
all versions
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack ag
7.5
HIGH
CVE-2017-0899
all versions
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape character
9.8
CRITICAL
CVE-2017-14064
all versions
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issu
9.8
CRITICAL
CVE-2017-5208
all versions
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory co
8.8
HIGH
CVE-2017-10661
all versions
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of servi
7.0
HIGH
CVE-2017-3641
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9
MEDIUM
CVE-2017-3636
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.3
MEDIUM
CVE-2015-7852
all versions
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted
5.9
MEDIUM
CVE-2015-7704
all versions
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe
7.5
HIGH
CVE-2015-7702
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
6.5
MEDIUM
CVE-2015-7701
all versions
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to c
7.5
HIGH
CVE-2015-7692
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2015-7691
all versions
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2015-3149
all versions
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files v
5.5
MEDIUM
CVE-2017-7980
all versions
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users t
7.8
HIGH
CVE-2015-7703
all versions
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allo
7.5
HIGH
CVE-2015-5300
all versions
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128
7.5
HIGH
CVE-2017-10978
all versions
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a den
7.5
HIGH
CVE-2017-9788
all versions
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was
9.1
CRITICAL
CVE-2017-9776
all versions
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to
7.8
HIGH
CVE-2017-9775
all versions
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (ap
6.5
MEDIUM
CVE-2017-1000366
all versions
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to
7.8
HIGH
CVE-2017-9462
all versions
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently ex
8.8
HIGH
CVE-2017-9461
all versions
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high C
6.5
MEDIUM
CVE-2017-3600
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected
6.6
MEDIUM
CVE-2017-3544
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
3.7
LOW
CVE-2017-3539
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1
LOW
CVE-2017-3533
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
3.7
LOW
CVE-2017-3464
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.3
MEDIUM
CVE-2017-5645
all versions
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8
CRITICAL
CVE-2017-6011
all versions
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" fu
5.5
MEDIUM
CVE-2017-6010
all versions
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" sour
5.5
MEDIUM
CVE-2017-6009
all versions
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restabl
5.5
MEDIUM
CVE-2017-3302
all versions
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29
7.5
HIGH
CVE-2016-10165
all versions
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or caus
7.1
HIGH
CVE-2016-2518
all versions
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds r
5.3
MEDIUM
CVE-2017-5205
all versions
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
9.8
CRITICAL
CVE-2017-5204
all versions
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
9.8
CRITICAL
CVE-2017-5203
all versions
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
9.8
CRITICAL
CVE-2017-5202
all versions
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
9.8
CRITICAL
CVE-2016-5824
all versions
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
5.5
MEDIUM
CVE-2016-9401
all versions
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
5.5
MEDIUM
CVE-2016-7426
all versions
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled,
7.5
HIGH
CVE-2016-7166
all versions
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of
5.5
MEDIUM
CVE-2016-5844
all versions
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application cr
6.5
MEDIUM
CVE-2016-5418
all versions
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow r
7.5
HIGH
CVE-2016-4809
all versions
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote a
7.5
HIGH
CVE-2016-4302
all versions
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remo
7.8
HIGH
CVE-2016-4300
all versions
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remot
7.8
HIGH
CVE-2016-6662
all versions
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.
9.8
CRITICAL
CVE-2016-5403
all versions
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory
5.5
MEDIUM
CVE-2016-5444
all versions
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
3.7
LOW
CVE-2016-5440
all versions
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50
4.9
MEDIUM
CVE-2016-5388
all versions
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and there
8.1
HIGH
CVE-2016-5386
all versions
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does
8.1
HIGH
CVE-2016-4470
all versions
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data stru
5.5
MEDIUM
CVE-2016-0758
all versions
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data
7.8
HIGH
CVE-2016-3698
all versions
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages,
8.1
HIGH
CVE-2016-2818
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow r
8.8
HIGH
CVE-2016-4448
all versions
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in un
9.8
CRITICAL
CVE-2016-2150
all versions
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters,
7.1
HIGH
CVE-2016-0749
all versions
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execu
9.8
CRITICAL
CVE-2015-5261
all versions
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the hos
7.1
HIGH
CVE-2015-5260
all versions
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption
7.8
HIGH
CVE-2016-0376
all versions
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR
8.1
HIGH
CVE-2016-0363
all versions
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP
8.1
HIGH
CVE-2016-0264
all versions
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before
5.6
MEDIUM
CVE-2016-4578
all versions
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obt
5.5
MEDIUM
CVE-2016-1840
all versions
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X
7.8
HIGH
CVE-2016-1839
all versions
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1,
5.5
MEDIUM
CVE-2016-1838
all versions
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tv
5.5
MEDIUM
CVE-2016-1837
all versions
Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before
5.5
MEDIUM
CVE-2016-1836
all versions
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS
5.5
MEDIUM
CVE-2016-1834
all versions
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.1
7.8
HIGH
CVE-2016-1833
all versions
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, a
5.5
MEDIUM
CVE-2015-4643
all versions
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 a
9.8
CRITICAL
CVE-2015-4605
all versions
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.
7.5
HIGH
CVE-2015-4604
all versions
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6
7.5
HIGH
CVE-2015-4603
all versions
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6
9.8
CRITICAL
CVE-2015-4602
all versions
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before
9.8
CRITICAL
CVE-2015-4601
all versions
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
9.8
CRITICAL
CVE-2015-4600
all versions
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a
9.8
CRITICAL
CVE-2015-4599
all versions
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remot
9.8
CRITICAL
CVE-2015-4598
all versions
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might all
6.5
MEDIUM
CVE-2015-3412
all versions
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allo
5.3
MEDIUM
CVE-2015-3411
all versions
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allo
6.5
MEDIUM
CVE-2016-3712
all versions
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU p
5.5
MEDIUM
CVE-2016-3710
all versions
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administr
8.8
HIGH
CVE-2016-3717
all versions
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafte
5.5
MEDIUM
CVE-2016-3716
all versions
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted
3.3
LOW
CVE-2016-2109
all versions
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before
7.5
HIGH
CVE-2016-2108
all versions
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cau
9.8
CRITICAL
CVE-2016-2107
all versions
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain pa
5.9
MEDIUM
CVE-2016-2106
all versions
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows
7.5
HIGH
CVE-2016-2105
all versions
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows r
7.5
HIGH
CVE-2015-4170
all versions
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows l
4.7
MEDIUM
CVE-2016-3427
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8
CRITICAL
CVE-2016-0695
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
5.9
MEDIUM
CVE-2010-5325
all versions
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to c
9.8
CRITICAL
CVE-2016-3069
all versions
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
8.8
HIGH
CVE-2016-3068
all versions
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
8.8
HIGH
CVE-2015-5229
all versions
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas,
7.5
HIGH
CVE-2016-1762
all versions
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read
8.1
HIGH
CVE-2015-7547
all versions
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (
8.1
HIGH
CVE-2016-0616
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 1
CVE-2016-0609
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0608
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0606
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0600
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0598
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0597
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0596
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.
CVE-2016-0546
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0505
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2015-8327
all versions
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomat
CVE-2015-5006
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 befor
CVE-2015-3196
all versions
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client,
CVE-2015-7981
all versions
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows re
CVE-2015-4819
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confiden
CVE-2015-5157
all versions
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that o
CVE-2015-3214
all versions
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths a
CVE-2015-5165
all versions
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote at
CVE-2015-2582
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-5123
all versions
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through
9.8
CRITICAL
CVE-2015-5122
all versions
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x thro
9.8
CRITICAL