Red Hat Enterprise Linux Server vulnerabilities

1,891 known vulnerabilities affecting redhat/enterprise_linux_server.

Total CVEs: 1,891
CISA KEV: 58 (actively exploited)
Public exploits: 134
Exploited in wild: 63
Severity breakdown: CRITICAL 347, HIGH 710, MEDIUM 734, LOW 100

Vulnerabilities

Page 30 of 95
CVE-2017-15409 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-119: Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15408 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-119: Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
nvd
CVE-2018-15911 | HIGH | CVSS 7.8 | v7.0 | 2018-08-28
CWE-908: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
nvd
CVE-2017-15413 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-704: Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15426 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-20: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
nvd
CVE-2017-15423 | MEDIUM | CVSS 5.3 | v6.0 | 2018-08-28
CWE-310: Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
nvd
CVE-2017-15417 | MEDIUM | CVSS 5.3 | v6.0 | 2018-08-28
CWE-119: Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2017-15396 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-119: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15420 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-20: Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2017-15418 | MEDIUM | CVSS 4.3 | v6.0 | 2018-08-28
CWE-119: Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2017-15429 | MEDIUM | CVSS 6.1 | v6.0 | 2018-08-28
CWE-79: Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
nvd
CVE-2017-15427 | MEDIUM | CVSS 6.1 | v6.0 | 2018-08-28
CWE-79: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
nvd
CVE-2017-15424 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-20: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
nvd
CVE-2017-15415 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-119: Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
nvd
CVE-2017-15425 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-20: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
nvd
CVE-2017-15419 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-601: Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
nvd
CVE-2017-15422 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-190: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2017-15416 | MEDIUM | CVSS 6.5 | v6.0 | 2018-08-28
CWE-119: Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
nvd
CVE-2018-15909 | HIGH | CVSS 7.8 | v7.0 | 2018-08-27
CWE-704: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
nvd
CVE-2018-15910 | HIGH | CVSS 7.8 | v7.0 | 2018-08-27
CWE-704: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
nvd