Redhat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs
1,928
CISA KEV
56
actively exploited
Public exploits
141
Exploited in wild
61
Severity breakdown
CRITICAL345HIGH708MEDIUM756LOW119
Vulnerabilities
Page 88 of 97
CVE-2012-1535HIGHCVSS 7.8KEVPoCv5.02012-08-15
CVE-2012-1535 [HIGH] CWE-20 CVE-2012-1535: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and befo
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
nvd
CVE-2012-2665HIGHCVSS 7.5v6.02012-08-06
CVE-2012-2665 [HIGH] CWE-787 CVE-2012-2665: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in Ope
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a
nvd
CVE-2012-0867MEDIUMCVSS 4.3v5.0v6.02012-07-18
CVE-2012-0867 [MEDIUM] CWE-20 CVE-2012-0867: PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
nvd
CVE-2012-1734MEDIUMCVSS 4.0v6.02012-07-17
CVE-2012-1734 [MEDIUM] CVE-2012-1734: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2012-1689MEDIUMCVSS 4.0v6.02012-07-17
CVE-2012-1689 [MEDIUM] CVE-2012-1689: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2012-0540MEDIUMCVSS 4.0v6.02012-07-17
CVE-2012-0540 [MEDIUM] CVE-2012-0540: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows re
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
nvd
CVE-2012-0876MEDIUMCVSS 4.3v5.0v6.02012-07-03
CVE-2012-0876 [MEDIUM] CWE-400 CVE-2012-0876: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the abili
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
nvd
CVE-2012-1149HIGHCVSS 7.5v5.0v6.02012-06-21
CVE-2012-1149 [HIGH] CWE-189 CVE-2012-1149: Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based b
nvd
CVE-2012-2149HIGHCVSS 7.5v5.02012-06-21
CVE-2012-2149 [HIGH] CWE-189 CVE-2012-2149: The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used b
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
nvd
CVE-2012-0037MEDIUMCVSS 6.5v5.0v6.02012-06-17
CVE-2012-0037 [MEDIUM] CWE-611 CVE-2012-0037: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice bef
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
nvd
CVE-2011-3193CRITICALCVSS 9.3v4.0v5.0+1 more2012-06-16
CVE-2011-3193 [CRITICAL] CWE-787 CVE-2011-3193: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
nvd
CVE-2012-1723CRITICALCVSS 9.8KEVPoCv5.0v6.02012-06-16
CVE-2012-1723 [CRITICAL] CWE-284 CVE-2012-1723: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
nvd
CVE-2012-1717LOWCVSS 2.1v5.0v6.02012-06-16
CVE-2012-1717 [LOW] CVE-2012-1717: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
nvd
CVE-2012-2313LOWCVSS 1.2v5.02012-06-13
CVE-2012-2313 [LOW] CWE-264 CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does no
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
nvd
CVE-2012-2037CRITICALCVSS 9.3v5.0v6.02012-06-09
CVE-2012-2037 [CRITICAL] CVE-2012-2037: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via
nvd
CVE-2012-2035CRITICALCVSS 9.3v5.0v6.02012-06-09
CVE-2012-2035 [CRITICAL] CWE-787 CVE-2012-2035: Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecifi
nvd
CVE-2012-2039CRITICALCVSS 9.3v5.0v6.02012-06-09
CVE-2012-2039 [CRITICAL] CWE-476 CVE-2012-2039: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer d
nvd
CVE-2012-2036CRITICALCVSS 9.3v5.0v6.02012-06-09
CVE-2012-2036 [CRITICAL] CWE-190 CVE-2012-2036: Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows an
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-2034HIGHCVSS 7.5KEVv5.0v6.02012-06-09
CVE-2012-2034 [HIGH] CWE-119 CVE-2012-2034: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
nvd
CVE-2012-2038MEDIUMCVSS 4.3v5.0v6.02012-06-09
CVE-2012-2038 [MEDIUM] CWE-200 CVE-2012-2038: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information
nvd