CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2015-1218 DoS 2015-03-09 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.
402 CVE-2015-1217 17 DoS 2015-03-09 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
403 CVE-2015-1216 DoS 2015-03-09 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.
404 CVE-2015-1215 119 DoS Overflow 2015-03-09 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
405 CVE-2015-1214 190 DoS Overflow 2015-03-09 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.
406 CVE-2015-1212 DoS 2015-02-06 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
407 CVE-2015-1211 +Priv 2015-02-06 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
408 CVE-2015-1209 416 DoS 2015-02-06 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
409 CVE-2015-0412 2015-01-21 2020-09-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
410 CVE-2015-0411 2015-01-21 2019-02-01
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
411 CVE-2015-0283 399 DoS 2015-03-30 2016-12-31
7.8
None Remote Low Not required None None Complete
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.
412 CVE-2015-0192 +Priv 2015-07-02 2019-06-03
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
413 CVE-2014-9674 DoS Overflow 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
414 CVE-2014-9663 119 DoS Overflow 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
415 CVE-2014-9661 DoS 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
416 CVE-2014-9660 476 DoS 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
417 CVE-2014-9658 125 DoS 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
418 CVE-2014-9657 125 DoS 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
419 CVE-2014-9322 269 1 +Priv 2014-12-17 2020-08-14
7.2
None Local Low Not required Complete Complete Complete
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
420 CVE-2014-8241 476 DoS 2016-12-14 2016-12-20
7.5
None Remote Low Not required Partial Partial Partial
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
421 CVE-2014-8174 200 Exec Code +Info 2017-09-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
422 CVE-2014-8162 2015-05-14 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
423 CVE-2014-8157 189 DoS Exec Code Overflow 2015-01-26 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
424 CVE-2014-8138 119 DoS Exec Code Overflow 2014-12-24 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
425 CVE-2014-8125 2015-04-21 2015-05-26
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
426 CVE-2014-8089 89 Exec Code Sql 2020-02-17 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
427 CVE-2014-7942 399 DoS 2015-01-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
428 CVE-2014-7926 17 DoS Mem. Corr. 2015-01-22 2019-04-23
7.5
None Remote Low Not required Partial Partial Partial
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
429 CVE-2014-7923 17 DoS Mem. Corr. 2015-01-22 2019-04-23
7.5
None Remote Low Not required Partial Partial Partial
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
430 CVE-2014-7844 74 Exec Code 2020-01-14 2020-01-21
7.2
None Local Low Not required Complete Complete Complete
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
431 CVE-2014-7840 20 Exec Code 2014-12-12 2020-08-11
7.5
None Remote Low Not required Partial Partial Partial
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
432 CVE-2014-7300 399 Exec Code 2014-12-25 2016-08-31
7.2
None Local Low Not required Complete Complete Complete
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
433 CVE-2014-7145 399 DoS 2014-09-28 2016-08-24
7.8
None Remote Low Not required None None Complete
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.
434 CVE-2014-6051 189 DoS Exec Code Overflow 2014-09-30 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
435 CVE-2014-5077 476 DoS 2014-08-01 2020-08-13
7.1
None Remote Medium Not required None None Complete
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
436 CVE-2014-5009 77 Exec Code 2017-03-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
437 CVE-2014-5008 77 Exec Code 2017-03-31 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
Snoopy allows remote attackers to execute arbitrary commands.
438 CVE-2014-4967 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
439 CVE-2014-4966 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
440 CVE-2014-4678 74 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
441 CVE-2014-4657 20 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
442 CVE-2014-4650 22 Exec Code Dir. Trav. 2020-02-20 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
443 CVE-2014-4344 476 DoS 2014-08-14 2020-01-21
7.8
None Remote Low Not required None None Complete
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
444 CVE-2014-4343 415 DoS Exec Code Mem. Corr. 2014-08-14 2020-01-21
7.6
None Remote High Not required Complete Complete Complete
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
445 CVE-2014-3700 74 Exec Code 2019-11-21 2019-11-27
7.5
None Remote Low Not required Partial Partial Partial
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
446 CVE-2014-3699 502 2019-12-15 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
eDeploy has RCE via cPickle deserialization of untrusted data
447 CVE-2014-3693 DoS Exec Code 2014-11-07 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
448 CVE-2014-3691 310 Bypass 2015-03-09 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
449 CVE-2014-3687 400 DoS 2014-11-10 2020-08-10
7.8
None Remote Low Not required None None Complete
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
450 CVE-2014-3682 2015-02-20 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
Total number of vulnerabilities : 704   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.