VYPR

Enterprise Linux Workstation

by Red Hat

CVEs (891)

  • CVE-2017-5105MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5104MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

  • CVE-2017-5101MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

  • CVE-2017-5094MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.02

    Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

  • CVE-2017-5093MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

  • CVE-2017-5089MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

  • CVE-2017-5086MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5076MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5067MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-5066MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML…

  • CVE-2017-5060MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-10384MedOct 19, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2017-10379MedOct 19, 2017
    risk 0.42cvss 6.5epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2017-0900HigAug 31, 2017
    risk 0.42cvss 7.5epss 0.08

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

  • CVE-2016-6796HigAug 11, 2017
    risk 0.42cvss 7.5epss 0.08

    A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

  • CVE-2016-6797HigAug 10, 2017
    risk 0.42cvss 7.5epss 0.08

    The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.…

  • CVE-2017-10243MedAug 8, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows…

  • CVE-2015-5219HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

  • CVE-2015-5195HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.07

    ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

  • CVE-2015-5194HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Page 19 of 45