Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-19476 [HIGH] CWE-704 CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access rest psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

CVE-2018-19409 [CRITICAL] CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctl An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

CVE-2018-5407 [MEDIUM] CWE-200 CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerab Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVE-2018-17472 [CRITICAL] CWE-20 CVE-2018-17472: Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.35 Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.

CVE-2018-17466 [HIGH] CWE-125 CVE-2018-17466: Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-6064 [HIGH] CWE-704 CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.1 Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6062 [HIGH] CWE-787 CVE-2018-6062: Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to per Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2018-6057 [HIGH] CWE-732 CVE-2018-6057: Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote at Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

CVE-2018-6065 [HIGH] CWE-190 CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript objec Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6067 [HIGH] CWE-125 CVE-2018-6067: Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacke Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6061 [HIGH] CWE-362 CVE-2018-6061: A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-17463 [HIGH] CVE-2018-17463: Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attac Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6060 [HIGH] CWE-416 CVE-2018-6060: Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to pote Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6083 [HIGH] CVE-2018-6083: Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

CVE-2018-6063 [HIGH] CWE-787 CVE-2018-6063: Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowe Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

CVE-2018-17465 [HIGH] CWE-416 CVE-2018-17465: Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a r Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

CVE-2018-17474 [HIGH] CWE-416 CVE-2018-17474: Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a re Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-17475 [MEDIUM] CVE-2018-17475: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6082 [MEDIUM] CWE-200 CVE-2018-6082: Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325 Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

CVE-2018-17476 [MEDIUM] CVE-2018-17476: Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attack Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.