VYPR

Enterprise Linux Workstation

by Red Hat

CVEs (891)

  • CVE-2015-8651HigKEVDec 28, 2015
    risk 0.75cvss 8.8epss 0.68

    Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to…

  • CVE-2017-14492CriOct 3, 2017
    risk 0.74cvss 9.8epss 0.93

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2017-14493CriOct 3, 2017
    risk 0.73cvss 9.8epss 0.84

    Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

  • CVE-2017-8291HigKEVApr 27, 2017
    risk 0.73cvss 7.8epss 0.97

    Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

  • CVE-2017-5030HigKEVApr 24, 2017
    risk 0.73cvss 8.8epss 0.42

    Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2016-1646HigKEVMar 29, 2016
    risk 0.73cvss 8.8epss 0.48

    The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other…

  • CVE-2014-1511CriMar 19, 2014
    risk 0.73cvss 9.8epss 0.84

    Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

  • CVE-2014-1510CriMar 19, 2014
    risk 0.73cvss 9.8epss 0.82

    The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

  • CVE-2013-0640HigKEVFeb 14, 2013
    risk 0.73cvss 7.8epss 0.87

    Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

  • CVE-2017-5070HigKEVOct 27, 2017
    risk 0.72cvss 8.8epss 0.31

    Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-5198HigKEVJan 19, 2017
    risk 0.72cvss 8.8epss 0.35

    V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a…

  • CVE-2016-6662CriSep 20, 2016
    risk 0.72cvss 9.8epss 0.68

    Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary…

  • CVE-2014-0160HigKEVApr 7, 2014
    risk 0.72cvss 7.5epss 1.00

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…

  • CVE-2017-5645CriApr 17, 2017
    risk 0.71cvss 9.8epss 0.89

    In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

  • CVE-2016-7855HigKEVNov 1, 2016
    risk 0.71cvss 8.8epss 0.25

    Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

  • CVE-2014-0502HigKEVFeb 21, 2014
    risk 0.71cvss 8.8epss 0.24

    Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before…

  • CVE-2012-1535HigKEVAug 15, 2012
    risk 0.71cvss 7.8epss 0.70

    Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in…

  • CVE-2017-11292HigKEVOct 22, 2017
    risk 0.70cvss 8.8epss 0.12

    Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…

  • CVE-2013-0648HigKEVFeb 27, 2013
    risk 0.70cvss 8.8epss 0.11

    Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary…

Page 2 of 45