Redhat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs
1,928
CISA KEV
56
actively exploited
Public exploits
141
Exploited in wild
61
Severity breakdown
CRITICAL345HIGH708MEDIUM756LOW119
Vulnerabilities
Page 55 of 97
CVE-2017-10198MEDIUMCVSS 6.8v6.0v7.02017-08-08
CVE-2017-10198 [MEDIUM] CVE-2017-10198: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
nvd
CVE-2017-3651MEDIUMCVSS 4.3v7.02017-08-08
CVE-2017-3651 [MEDIUM] CVE-2017-3651: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Suppor
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this v
nvd
CVE-2017-10243MEDIUMCVSS 6.5v6.0v7.02017-08-08
CVE-2017-10243 [MEDIUM] CVE-2017-10243: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Ja
nvd
CVE-2017-10109MEDIUMCVSS 5.3v6.0v7.02017-08-08
CVE-2017-10109 [MEDIUM] CVE-2017-10109: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java
nvd
CVE-2017-10135MEDIUMCVSS 5.9v6.0v7.02017-08-08
CVE-2017-10135 [MEDIUM] CVE-2017-10135: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav
nvd
CVE-2017-10053MEDIUMCVSS 5.3v6.0v7.02017-08-08
CVE-2017-10053 [MEDIUM] CVE-2017-10053: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java S
nvd
CVE-2017-3653LOWCVSS 3.1v7.02017-08-08
CVE-2017-3653 [LOW] CVE-2017-3653: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2017-10193LOWCVSS 3.1v6.0v7.02017-08-08
CVE-2017-10193 [LOW] CVE-2017-10193: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2015-7704HIGHCVSS 7.5v6.0v7.02017-08-07
CVE-2015-7704 [HIGH] CWE-20 CVE-2015-7704: The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
nvd
CVE-2015-7691HIGHCVSS 7.5v6.0v7.02017-08-07
CVE-2015-7691 [HIGH] CVE-2015-7691: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
nvd
CVE-2015-7692HIGHCVSS 7.5v6.0v7.02017-08-07
CVE-2015-7692 [HIGH] CVE-2015-7692: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
nvd
CVE-2015-7701HIGHCVSS 7.5v6.0v7.02017-08-07
CVE-2015-7701 [HIGH] CWE-772 CVE-2015-7701: Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.7
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
nvd
CVE-2015-7852MEDIUMCVSS 5.9v6.0v7.02017-08-07
CVE-2015-7852 [MEDIUM] CWE-20 CVE-2015-7852: ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
nvd
CVE-2015-7702MEDIUMCVSS 6.5v6.0v7.02017-08-07
CVE-2015-7702 [MEDIUM] CVE-2015-7702: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
nvd
CVE-2017-10664HIGHCVSS 7.5v7.02017-08-02
CVE-2017-10664 [HIGH] CVE-2017-10664: qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to caus
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
nvd
CVE-2016-8743HIGHCVSS 7.5v6.0v7.02017-07-27
CVE-2016-8743 [HIGH] CVE-2016-8743: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accept
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventio
nvd
CVE-2017-7980HIGHCVSS 7.8v6.0v7.02017-07-25
CVE-2017-7980 [HIGH] CWE-119 CVE-2017-7980: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
nvd
CVE-2015-3149MEDIUMCVSS 5.5v6.0v7.02017-07-25
CVE-2015-3149 [MEDIUM] CWE-59 CVE-2015-3149: The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
nvd
CVE-2015-7703HIGHCVSS 7.5v6.0v7.02017-07-24
CVE-2015-7703 [HIGH] CWE-20 CVE-2015-7703: The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, w
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
nvd
CVE-2015-5219HIGHCVSS 7.5v6.0v7.02017-07-21
CVE-2015-5219 [HIGH] CWE-704 CVE-2015-5219: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions fr
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
nvd