Search Results (23539 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7294 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 7.8 High
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
CVE-2017-5336 3 Gnu, Opensuse, Redhat 3 Gnutls, Leap, Enterprise Linux 2025-04-20 N/A
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVE-2017-7486 2 Postgresql, Redhat 5 Postgresql, Enterprise Linux, Network Satellite and 2 more 2025-04-20 N/A
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
CVE-2014-8163 1 Redhat 1 Satellite 2025-04-20 N/A
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2016-5226 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
CVE-2016-5225 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
CVE-2016-5224 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
CVE-2016-5223 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
CVE-2016-5222 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2016-4446 2 Redhat, Setroubleshoot Project 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2025-04-20 N/A
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
CVE-2016-3702 1 Redhat 1 Cloudforms Management Engine 2025-04-20 N/A
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
CVE-2017-5484 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
CVE-2017-7547 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Software Collections 2025-04-20 N/A
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
CVE-2017-7554 1 Redhat 1 Mobile Application Platform 2025-04-20 N/A
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
CVE-2017-5637 3 Apache, Debian, Redhat 5 Zookeeper, Debian Linux, Jboss Bpms and 2 more 2025-04-20 N/A
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
CVE-2015-8897 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2025-04-20 N/A
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-6240 1 Redhat 1 Ansible 2025-04-20 N/A
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
CVE-2015-5740 3 Fedoraproject, Golang, Redhat 7 Fedora, Go, Enterprise Linux and 4 more 2025-04-20 N/A
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
CVE-2017-7679 2 Apache, Redhat 5 Http Server, Enterprise Linux, Jboss Core Services and 2 more 2025-04-20 N/A
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVE-2014-0208 2 Redhat, Theforeman 2 Satellite, Foreman 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.