Redhat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs
1,928
CISA KEV
56
actively exploited
Public exploits
141
Exploited in wild
61
Severity breakdown
CRITICAL345HIGH708MEDIUM756LOW119
Vulnerabilities
Page 60 of 97
CVE-2017-3243MEDIUMCVSS 4.4v7.02017-01-27
CVE-2017-3243 [MEDIUM] CVE-2017-3243: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Suppor
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2017-3258MEDIUMCVSS 6.5v7.02017-01-27
CVE-2017-3258 [MEDIUM] CWE-20 CVE-2017-3258: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
nvd
CVE-2017-3244MEDIUMCVSS 6.5v7.02017-01-27
CVE-2017-3244 [MEDIUM] CVE-2017-3244: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported v
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner
nvd
CVE-2017-3313MEDIUMCVSS 4.7v5.0v6.02017-01-27
CVE-2017-3313 [MEDIUM] CVE-2017-3313: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supporte
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful
nvd
CVE-2016-5824MEDIUMCVSS 5.5v6.0v7.02017-01-27
CVE-2016-5824 [MEDIUM] CWE-416 CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
nvd
CVE-2017-3265MEDIUMCVSS 5.6v7.02017-01-27
CVE-2017-3265 [MEDIUM] CVE-2017-3265: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes
nvd
CVE-2017-3291MEDIUMCVSS 6.3v7.02017-01-27
CVE-2017-3291 [MEDIUM] CVE-2017-3291: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Succes
nvd
CVE-2017-3318MEDIUMCVSS 4.0v7.02017-01-27
CVE-2017-3318 [MEDIUM] CVE-2017-3318: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Su
nvd
CVE-2017-3238MEDIUMCVSS 6.5v7.02017-01-27
CVE-2017-3238 [MEDIUM] CVE-2017-3238: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
nvd
CVE-2017-3317MEDIUMCVSS 4.0v7.02017-01-27
CVE-2017-3317 [MEDIUM] CVE-2017-3317: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versi
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attac
nvd
CVE-2016-9446HIGHCVSS 7.5v7.02017-01-23
CVE-2016-9446 [HIGH] CWE-665 CVE-2016-9446: The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attacke
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
nvd
CVE-2016-9401MEDIUMCVSS 5.5v6.0v7.02017-01-23
CVE-2016-9401 [MEDIUM] CWE-416 CVE-2016-9401: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
nvd
CVE-2016-7545HIGHCVSS 8.8v6.0v7.02017-01-19
CVE-2016-7545 [HIGH] CWE-284 CVE-2016-7545: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
nvd
CVE-2016-5198HIGHCVSS 8.8KEVv6.02017-01-19
CVE-2016-5198 [HIGH] CWE-125 CVE-2016-5198: V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
nvd
CVE-2016-7426HIGHCVSS 7.5v6.0v7.02017-01-13
CVE-2016-7426 [HIGH] CWE-400 CVE-2016-7426: NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
nvd
CVE-2016-9811MEDIUMCVSS 4.7v7.02017-01-13
CVE-2016-9811 [MEDIUM] CWE-125 CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is s
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
nvd
CVE-2016-9131HIGHCVSS 7.5v7.02017-01-12
CVE-2016-9131 [HIGH] CWE-20 CVE-2016-9131: named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows r
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
nvd
CVE-2016-7091MEDIUMCVSS 4.4v7.02016-12-22
CVE-2016-7091 [MEDIUM] CWE-200 CVE-2016-7091: sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elev
nvd
CVE-2014-8241CRITICALCVSS 9.8v7.02016-12-14
CVE-2014-8241 [CRITICAL] CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
nvd
CVE-2016-7864HIGHCVSS 8.8v5.0v6.02016-11-08
CVE-2016-7864 [HIGH] CWE-416 CVE-2016-7864: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
nvd