Vendor CVEs
Red Hat
All CVEs
3,692 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13017 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2017 | The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | ||
| CVE-2017-13016 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | ||
| CVE-2017-13015 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2017 | The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). | ||
| CVE-2017-13010 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). | ||
| CVE-2017-12999 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). | ||
| CVE-2017-12996 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2017 | The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). | ||
| CVE-2017-12995 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2017 | The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | ||
| CVE-2017-12990 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | ||
| CVE-2017-12987 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | ||
| CVE-2017-12902 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | ||
| CVE-2017-12899 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | ||
| CVE-2017-12898 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). | ||
| CVE-2017-12896 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | ||
| CVE-2017-14064 | Cri | 0.64 | 9.8 | 0.09 | Aug 31, 2017 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of… | ||
| CVE-2015-3278 | Cri | 0.64 | 9.8 | 0.02 | Jul 25, 2017 | The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. | ||
| CVE-2017-11542 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | ||
| CVE-2017-11541 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | ||
| CVE-2017-9788 | Cri | 0.64 | 9.1 | 0.57 | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment… | ||
| CVE-2017-7512 | Cri | 0.64 | 9.8 | 0.02 | Jul 7, 2017 | Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in… | ||
| CVE-2016-5411 | Cri | 0.64 | 9.8 | 0.02 | Jun 13, 2017 | /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | ||
| CVE-2016-7050 | Cri | 0.64 | 9.8 | 0.05 | Jun 8, 2017 | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | ||
| CVE-2016-5405 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2017 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | ||
| CVE-2016-3690 | Cri | 0.64 | 9.8 | 0.05 | Jun 8, 2017 | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | ||
| CVE-2017-9214 | Cri | 0.64 | 9.8 | 0.03 | May 23, 2017 | In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | ||
| CVE-2016-9843 | Cri | 0.64 | 9.8 | 0.06 | May 23, 2017 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | ||
| CVE-2016-9841 | Cri | 0.64 | 9.8 | 0.07 | May 23, 2017 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||
| CVE-2016-5178 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2017-7503 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2017 | It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | ||
| CVE-2014-5008 | Cri | 0.64 | 9.8 | 0.04 | Mar 31, 2017 | Snoopy allows remote attackers to execute arbitrary commands. | ||
| CVE-2008-7313 | Cri | 0.64 | 9.8 | 0.05 | Mar 31, 2017 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | ||
| CVE-2017-5205 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | ||
| CVE-2017-5204 | Cri | 0.64 | 9.8 | 0.06 | Jan 28, 2017 | The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | ||
| CVE-2017-5203 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | ||
| CVE-2017-5202 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | ||
| CVE-2016-9636 | Cri | 0.64 | 9.8 | 0.09 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond… | ||
| CVE-2016-9635 | Cri | 0.64 | 9.8 | 0.09 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond… | ||
| CVE-2016-9634 | Cri | 0.64 | 9.8 | 0.09 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | ||
| CVE-2014-8241 | Cri | 0.64 | 9.8 | 0.03 | Dec 14, 2016 | XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | ||
| CVE-2016-5408 | Cri | 0.64 | 9.8 | 0.04 | Aug 10, 2016 | Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an… | ||
| CVE-2016-4999 | Cri | 0.64 | 9.8 | 0.04 | Aug 5, 2016 | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set… | ||
| CVE-2016-3737 | Cri | 0.64 | 9.8 | 0.07 | Aug 2, 2016 | The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | ||
| CVE-2016-5008 | Cri | 0.64 | 9.8 | 0.04 | Jul 13, 2016 | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | ||
| CVE-2016-2074 | Cri | 0.64 | 9.8 | 0.06 | Jul 3, 2016 | Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. | ||
| CVE-2016-4448 | Cri | 0.64 | 9.8 | 0.07 | Jun 9, 2016 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||
| CVE-2016-0749 | Cri | 0.64 | 9.8 | 0.08 | Jun 9, 2016 | The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | ||
| CVE-2015-4601 | Cri | 0.64 | 9.8 | 0.08 | May 16, 2016 | PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a… | ||
| CVE-2016-1666 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2016 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2016-1662 | Cri | 0.64 | 9.8 | 0.04 | May 14, 2016 | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via… | ||
| CVE-2010-5325 | Cri | 0.64 | 9.8 | 0.05 | Apr 15, 2016 | Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. | ||
| CVE-2016-0791 | Cri | 0.64 | 9.8 | 0.03 | Apr 7, 2016 | Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. |
- risk 0.64cvss 9.8epss 0.02
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
- risk 0.64cvss 9.8epss 0.03
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
- risk 0.64cvss 9.8epss 0.02
The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().
- risk 0.64cvss 9.8epss 0.03
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
- risk 0.64cvss 9.8epss 0.03
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
- risk 0.64cvss 9.8epss 0.02
The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
- risk 0.64cvss 9.8epss 0.02
The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().
- risk 0.64cvss 9.8epss 0.03
The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.
- risk 0.64cvss 9.8epss 0.03
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
- risk 0.64cvss 9.8epss 0.03
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
- risk 0.64cvss 9.8epss 0.03
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
- risk 0.64cvss 9.8epss 0.03
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
- risk 0.64cvss 9.8epss 0.03
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
- risk 0.64cvss 9.8epss 0.09
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…
- risk 0.64cvss 9.8epss 0.02
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
- risk 0.64cvss 9.1epss 0.57
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment…
- risk 0.64cvss 9.8epss 0.02
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in…
- risk 0.64cvss 9.8epss 0.02
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
- risk 0.64cvss 9.8epss 0.05
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
- risk 0.64cvss 9.8epss 0.05
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
- risk 0.64cvss 9.8epss 0.03
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
- risk 0.64cvss 9.8epss 0.06
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
- risk 0.64cvss 9.8epss 0.07
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- risk 0.64cvss 9.8epss 0.02
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.02
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
- risk 0.64cvss 9.8epss 0.04
Snoopy allows remote attackers to execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.05
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
- risk 0.64cvss 9.8epss 0.04
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
- risk 0.64cvss 9.8epss 0.06
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
- risk 0.64cvss 9.8epss 0.04
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
- risk 0.64cvss 9.8epss 0.04
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond…
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond…
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
- risk 0.64cvss 9.8epss 0.03
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
- risk 0.64cvss 9.8epss 0.04
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an…
- risk 0.64cvss 9.8epss 0.04
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set…
- risk 0.64cvss 9.8epss 0.07
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
- risk 0.64cvss 9.8epss 0.04
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
- risk 0.64cvss 9.8epss 0.06
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
- risk 0.64cvss 9.8epss 0.07
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
- risk 0.64cvss 9.8epss 0.08
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
- risk 0.64cvss 9.8epss 0.08
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a…
- risk 0.64cvss 9.8epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.04
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via…
- risk 0.64cvss 9.8epss 0.05
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
- risk 0.64cvss 9.8epss 0.03
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
Page 3 of 74