VYPR

Enterprise Linux Workstation

by Red Hat

CVEs (891)

  • CVE-2013-0643HigKEVFeb 27, 2013
    risk 0.70cvss 8.8epss 0.11

    The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary…

  • CVE-2017-11282CriDec 1, 2017
    risk 0.69cvss 9.8epss 0.35

    Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

  • CVE-2017-11281CriDec 1, 2017
    risk 0.69cvss 9.8epss 0.34

    Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

  • CVE-2017-12617HigKEVOct 4, 2017
    risk 0.69cvss 8.1epss 1.00

    When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via…

  • CVE-2016-4138CriJun 16, 2016
    risk 0.69cvss 9.8epss 0.25

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2017-17405HigDec 15, 2017
    risk 0.66cvss 8.8epss 0.74

    Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is…

  • CVE-2017-3167CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.20

    In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

  • CVE-2016-1908CriApr 11, 2017
    risk 0.65cvss 9.8epss 0.14

    The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging…

  • CVE-2015-4643CriMay 16, 2016
    risk 0.65cvss 9.8epss 0.17

    Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this…

  • CVE-2015-4603CriMay 16, 2016
    risk 0.65cvss 9.8epss 0.11

    The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

  • CVE-2015-4602CriMay 16, 2016
    risk 0.65cvss 9.8epss 0.11

    The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type,…

  • CVE-2015-4600CriMay 16, 2016
    risk 0.65cvss 9.8epss 0.11

    The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1)…

  • CVE-2015-4599CriMay 16, 2016
    risk 0.65cvss 9.8epss 0.11

    The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data…

  • CVE-2015-8668CriJan 8, 2016
    risk 0.65cvss 9.8epss 0.14

    Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

  • CVE-2013-6671CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.11

    The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

  • CVE-2013-5618CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.10

    Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute…

  • CVE-2013-0641HigKEVFeb 14, 2013
    risk 0.65cvss 7.8epss 0.32

    Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

  • CVE-2017-3114CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific…

  • CVE-2017-3112CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)…

  • CVE-2017-11225CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended…

Page 3 of 45