Redhat Enterprise Linux Server Aus — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Linux Server Aus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2013-5830 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and…
CVE-2013-5843 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and…
CVE-2013-2555 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x…
CVE-2014-1512 — CVSS 10.0 (critical): Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4…
CVE-2013-5829 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded…
CVE-2013-5842 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded…
CVE-2013-0767 — CVSS 10.0 (critical): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1…
CVE-2018-5098 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in…
CVE-2018-5097 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by…
CVE-2018-5096 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash…
CVE-2017-7792 — CVSS 9.8 (critical): A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object…
CVE-2018-1000007 — CVSS 9.8 (critical): libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP…
CVE-2017-7786 — CVSS 9.8 (critical): A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially…
CVE-2017-7785 — CVSS 9.8 (critical): A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a…
CVE-2017-7784 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This…
CVE-2017-7779 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2018-5104 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a…
CVE-2018-5103 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially…
CVE-2018-5091 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially…
CVE-2017-7793 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting…
CVE-2018-5102 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable…
CVE-2018-5095 — CVSS 9.8 (critical): An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM…
CVE-2018-5099 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been…
CVE-2013-5616 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x…
CVE-2013-5618 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in…
CVE-2013-6671 — CVSS 9.8 (critical): The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and…
CVE-2017-5446 — CVSS 9.8 (critical): An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially…
CVE-2017-5443 — CVSS 9.8 (critical): An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird <…
CVE-2017-5442 — CVSS 9.8 (critical): A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash…
CVE-2017-5441 — CVSS 9.8 (critical): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This…
CVE-2017-5440 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating…
CVE-2017-5439 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially…
CVE-2017-5438 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results…
CVE-2017-5435 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a…
CVE-2017-5433 — CVSS 9.8 (critical): A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the…
CVE-2014-1477 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before…
CVE-2017-5432 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability…
CVE-2017-5428 — CVSS 9.8 (critical): An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the…
CVE-2014-1486 — CVSS 9.8 (critical): Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird…
CVE-2017-5410 — CVSS 9.8 (critical): Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental…
CVE-2014-1493 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before…
CVE-2014-1510 — CVSS 9.8 (critical): The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25…
CVE-2014-1511 — CVSS 9.8 (critical): Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to…
CVE-2014-1514 — CVSS 9.8 (critical): vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25…
CVE-2014-1524 — CVSS 9.8 (critical): The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5…
CVE-2017-5404 — CVSS 9.8 (critical): A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside…
CVE-2014-1532 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0…
CVE-2017-7828 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in…
CVE-2017-5402 — CVSS 9.8 (critical): A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working…
CVE-2017-5401 — CVSS 9.8 (critical): A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be…
CVE-2019-9792 — CVSS 9.8 (critical): The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This…
CVE-2019-9791 — CVSS 9.8 (critical): The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled…
CVE-2019-9788 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of…
CVE-2017-5400 — CVSS 9.8 (critical): JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory…
CVE-2019-9636 — CVSS 9.8 (critical): Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during…
CVE-2017-5398 — CVSS 9.8 (critical): Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with…
CVE-2017-7826 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-5396 — CVSS 9.8 (critical): A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are…
CVE-2017-5390 — CVSS 9.8 (critical): The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers…
CVE-2017-5380 — CVSS 9.8 (critical): A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7…
CVE-2017-5376 — CVSS 9.8 (critical): Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox <…
CVE-2017-7819 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
CVE-2017-7818 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within…
CVE-2015-0192 — CVSS 9.8 (critical): Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0…
CVE-2017-7810 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2019-15605 — CVSS 9.8 (critical): HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2018-12390 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed…
CVE-2018-12392 — CVSS 9.8 (critical): When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2017-3167 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the…
CVE-2018-1312 — CVSS 9.8 (critical): In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not…
CVE-2018-14354 — CVSS 9.8 (critical): An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands…
CVE-2017-2885 — CVSS 9.8 (critical): An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a…
CVE-2018-14357 — CVSS 9.8 (critical): An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands…
CVE-2019-14813 — CVSS 9.8 (critical): A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged…
CVE-2017-7809 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the…
CVE-2018-14362 — CVSS 9.8 (critical): An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe…
CVE-2019-12450 — CVSS 9.8 (critical): file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is…
CVE-2018-15127 — CVSS 9.8 (critical): LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file…
CVE-2019-11356 — CVSS 9.8 (critical): The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code…
CVE-2015-4643 — CVSS 9.8 (critical): Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows…
CVE-2019-11235 — CVSS 9.8 (critical): FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group…
CVE-2017-18017 — CVSS 9.8 (critical): The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote…
CVE-2017-17833 — CVSS 9.8 (critical): OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a…
CVE-2017-15041 — CVSS 9.8 (critical): Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so…
CVE-2017-14064 — CVSS 9.8 (critical): Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies…
CVE-2019-10160 — CVSS 9.8 (critical): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions…
CVE-2019-10126 — CVSS 9.8 (critical): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mw…
CVE-2019-1010238 — CVSS 9.8 (critical): Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code…
CVE-2017-12896 — CVSS 9.8 (critical): The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
CVE-2018-17456 — CVSS 9.8 (critical): Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows…
CVE-2019-0160 — CVSS 9.8 (critical): Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of…
CVE-2015-5739 — CVSS 9.8 (critical): The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers…
CVE-2015-5740 — CVSS 9.8 (critical): The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to…
CVE-2018-18311 — CVSS 9.8 (critical): Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2017-7802 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2018-8787 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-8786 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2015-8391 — CVSS 9.8 (critical): The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a…
CVE-2018-8088 — CVSS 9.8 (critical): org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access…
CVE-2018-7750 — CVSS 9.8 (critical): transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5…
CVE-2018-7225 — CVSS 9.8 (critical): An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length…
CVE-2018-6871 — CVSS 9.8 (critical): LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which…
CVE-2018-19115 — CVSS 9.8 (critical): keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other…
CVE-2016-0749 — CVSS 9.8 (critical): The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute…
CVE-2017-7801 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style…
CVE-2018-5188 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and…
CVE-2018-19409 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2017-1000116 — CVSS 9.8 (critical): Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2018-5183 — CVSS 9.8 (critical): Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer…
CVE-2017-7800 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation…
CVE-2017-0903 — CVSS 9.8 (critical): RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem…
CVE-2016-1908 — CVSS 9.8 (critical): The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for…
CVE-2017-0899 — CVSS 9.8 (critical): RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters…
CVE-2016-9899 — CVSS 9.8 (critical): Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability…
CVE-2018-5159 — CVSS 9.8 (critical): An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in…
CVE-2016-2108 — CVSS 9.8 (critical): The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a…
CVE-2016-9898 — CVSS 9.8 (critical): Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox…
CVE-2016-9893 — CVSS 9.8 (critical): Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with…
CVE-2018-5156 — CVSS 9.8 (critical): A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result…
CVE-2018-5155 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially…
CVE-2018-5154 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially…
CVE-2018-5150 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory…
CVE-2018-5145 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough…
CVE-2016-6662 — CVSS 9.8 (critical): Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x…
CVE-2017-7751 — CVSS 9.8 (critical): A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects…
CVE-2017-7750 — CVSS 9.8 (critical): A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window…
CVE-2017-7749 — CVSS 9.8 (critical): A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable…
CVE-2018-1000140 — CVSS 9.8 (critical): rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that…
CVE-2017-5645 — CVSS 9.8 (critical): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another…
CVE-2017-5472 — CVSS 9.8 (critical): A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node…
CVE-2017-5470 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-5469 — CVSS 9.8 (critical): Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird <…
CVE-2017-5464 — CVSS 9.8 (critical): During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading…
CVE-2017-5460 — CVSS 9.8 (critical): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This…
CVE-2017-5459 — CVSS 9.8 (critical): A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird…
CVE-2017-5456 — CVSS 9.8 (critical): A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This…
CVE-2013-5609 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before…
CVE-2013-5613 — CVSS 9.8 (critical): Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before…
CVE-2017-10111 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is…
CVE-2017-10346 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2017-10096 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10101 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10285 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10087 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10107 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10089 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151…
CVE-2017-10090 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10110 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151…
CVE-2014-8567 — CVSS 9.4 (critical): The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted…
CVE-2013-0766 — CVSS 9.3 (critical): Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and…
CVE-2013-0769 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before…
CVE-2012-2039 — CVSS 9.3 (critical): Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236…
CVE-2012-2035 — CVSS 9.3 (critical): Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before…
CVE-2012-1938 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before…
CVE-2013-0744 — CVSS 9.3 (critical): Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox…
CVE-2013-0746 — CVSS 9.3 (critical): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before…
CVE-2023-46846 — CVSS 9.3 (critical): SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response…
CVE-2013-0750 — CVSS 9.3 (critical): Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2…
CVE-2013-0753 — CVSS 9.3 (critical): Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox…
CVE-2013-0754 — CVSS 9.3 (critical): Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x…
CVE-2013-0758 — CVSS 9.3 (critical): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before…
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2013-0762 — CVSS 9.3 (critical): Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and…
CVE-2013-0763 — CVSS 9.3 (critical): Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR…
CVE-2012-6075 — CVSS 9.3 (critical): Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP…
CVE-2012-2036 — CVSS 9.3 (critical): Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x…
CVE-2012-2037 — CVSS 9.3 (critical): Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236…
CVE-2018-12387 — CVSS 9.1 (critical): A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer…
CVE-2017-7758 — CVSS 9.1 (critical): An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in…
CVE-2014-1508 — CVSS 9.1 (critical): The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and…