Red Hat Enterprise Linux Server vulnerabilities
1,891 known vulnerabilities affecting redhat/enterprise_linux_server.
Total CVEs: 1,891
CISA KEV: 58 (actively exploited)
Public exploits: 134
Exploited in wild: 63
Severity breakdown: CRITICAL 347, HIGH 710, MEDIUM 734, LOW 100
Vulnerabilities
Page 22 of 95
CVE-2018-14646 | MEDIUM | CVSS 5.5 | CWE-476 | v7.0 | 2018-11-26
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
nvd
CVE-2018-19535 | MEDIUM | CVSS 6.5 | CWE-125 | v7.0 | 2018-11-26
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
nvd
CVE-2018-19477 | HIGH | CVSS 7.8 | CWE-704 | v7.0, v7.6 | 2018-11-23
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
nvd
CVE-2018-19475 | HIGH | CVSS 7.8 | v7.0, v7.6 | 2018-11-23
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
nvd
CVE-2018-19476 | HIGH | CVSS 7.8 | CWE-704 | v7.0, v7.6 | 2018-11-23
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
nvd
CVE-2018-19409 | CRITICAL | CVSS 9.8 | v7.0 | 2018-11-21
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
nvd
CVE-2018-5407 | MEDIUM | CVSS 4.7 | PoC | CWE-200 | v7.0, v7.6 | 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
nvd
CVE-2018-17472 | CRITICAL | CVSS 9.6 | CWE-20 | v6.0 | 2018-11-14
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.
nvd
CVE-2018-17466 | HIGH | CVSS 8.8 | CWE-125 | v6.0, v7.0 | 2018-11-14
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6064 | HIGH | CVSS 8.8 | PoC | CWE-704 | v6.0 | 2018-11-14
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6062 | HIGH | CVSS 8.8 | CWE-787 | v6.0 | 2018-11-14
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2018-6057 | HIGH | CVSS 8.8 | CWE-732 | v6.0 | 2018-11-14
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
nvd
CVE-2018-6065 | HIGH | CVSS 8.8 | KEV | PoC | CWE-190 | v6.0 | 2018-11-14
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6067 | HIGH | CVSS 8.8 | CWE-125 | v6.0 | 2018-11-14
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6061 | HIGH | CVSS 7.5 | CWE-362 | v6.0 | 2018-11-14
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-17463 | HIGH | CVSS 8.8 | KEV | PoC | v6.0 | 2018-11-14
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2018-6060 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-11-14
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6083 | HIGH | CVSS 8.8 | v6.0 | 2018-11-14
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
nvd
CVE-2018-6063 | HIGH | CVSS 8.8 | CWE-787 | v6.0 | 2018-11-14
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2018-17465 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2018-11-14
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
nvd