Red Hat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs: 1,928
CISA KEV: 56 (actively exploited)
Public exploits: 141
Exploited in wild: 61
Severity breakdown: CRITICAL 345, HIGH 708, MEDIUM 756, LOW 119
Vulnerabilities
Page 27 of 97
CVE-2018-16541 | MEDIUM | CVSS 5.5 | CWE-416 | v7.0 | 2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
nvd
CVE-2018-16539 | MEDIUM | CVSS 5.5 | CWE-200 | v7.0 | 2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
nvd
CVE-2018-10911 | HIGH | CVSS 7.5 | CWE-190 | v6.0, v7.0 | 2018-09-04
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
nvd
CVE-2018-16435 | MEDIUM | CVSS 5.5 | CWE-190 | v6.0 | 2018-09-04
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
nvd
CVE-2018-16402 | CRITICAL | CVSS 9.8 | CWE-415 | v7.0 | 2018-09-03
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
nvd
CVE-2018-14622 | HIGH | CVSS 7.5 | CWE-252 | v7.0 | 2018-08-30
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new conne
nvd
CVE-2018-12828 | CRITICAL | CVSS 9.8 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
nvd
CVE-2018-12825 | CRITICAL | CVSS 9.8 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
nvd
CVE-2018-12827 | HIGH | CVSS 7.5 | PoC | CWE-125 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2018-12826 | HIGH | CVSS 7.5 | CWE-125 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2018-16062 | MEDIUM | CVSS 5.5 | CWE-125 | v7.0 | 2018-08-29
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
nvd
CVE-2018-12824 | MEDIUM | CVSS 5.9 | CWE-125 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2017-15398 | CRITICAL | CVSS 9.8 | CWE-119 | v6.0 | 2018-08-28
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
nvd
CVE-2017-15410 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-08-28
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-15411 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-08-28
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-15412 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-08-28
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15399 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-08-28
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15407 | HIGH | CVSS 8.8 | CWE-787 | v6.0 | 2018-08-28
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
nvd
CVE-2017-15409 | HIGH | CVSS 8.8 | CWE-119 | v6.0 | 2018-08-28
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15408 | HIGH | CVSS 8.8 | CWE-119 | v6.0 | 2018-08-28
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
nvd