Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-8635 |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Published: August 01, 2018; 9:29:00 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-9573 |
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. Published: August 01, 2018; 2:29:00 AM -0400 |
V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2016-9603 |
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Published: July 27, 2018; 5:29:00 PM -0400 |
V3.0: 9.9 CRITICAL V2.0: 9.0 HIGH |
CVE-2016-9578 |
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Published: July 27, 2018; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9577 |
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. Published: July 27, 2018; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-2620 |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Published: July 27, 2018; 3:29:00 PM -0400 |
V3.0: 9.9 CRITICAL V2.0: 9.0 HIGH |
CVE-2017-2618 |
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. Published: July 27, 2018; 3:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-2616 |
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. Published: July 27, 2018; 3:29:00 PM -0400 |
V3.0: 4.7 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2017-2590 |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. Published: July 27, 2018; 2:29:00 PM -0400 |
V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2017-18344 |
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). Published: July 26, 2018; 3:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-2615 |
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Published: July 02, 2018; 9:29:00 PM -0400 |
V3.0: 9.1 CRITICAL V2.0: 9.0 HIGH |
CVE-2018-5117 |
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Published: June 11, 2018; 5:29:13 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-5095 |
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-5091 |
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7848 |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-7809 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Published: June 11, 2018; 5:29:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7807 |
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Published: June 11, 2018; 5:29:10 PM -0400 |
V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2017-7802 |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Published: June 11, 2018; 5:29:09 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7801 |
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Published: June 11, 2018; 5:29:09 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7800 |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Published: June 11, 2018; 5:29:09 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |