Enterprise Linux Desktop

enterprise_linux_desktop

Vendor: Redhat • 1,928 CVEs

CVEs (1,928)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-6764 3Canonical DebianRedhat 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a craf...Show more util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.Show less
CVE-2018-7225 4Canonical DebianLibvncserver Project+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspe...Show more An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.Show less
CVE-2018-7208 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Feb 18, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial o...Show more In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.Show less
CVE-2018-1049 4Canonical DebianRedhat+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Aus+8 more Nov 21, 2024 Feb 16, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes tha...Show more In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.Show less
CVE-2018-6927 4Canonical DebianLinux+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Feb 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wak...Show more The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.Show less
CVE-2018-1000026 4Canonical DebianLinux+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Feb 9, 2018 N/A· v4 7.7 HIGH· v3 6.8 MEDIUM· v2 Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes car...Show more Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..Show less
CVE-2018-6871 4Canonical DebianLibreoffice+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Feb 9, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
CVE-2018-4878 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 18, 2025 Feb 6, 2018 N/A· v4 7.8 HIGH· v3 7.5 HIGH· v2 A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A succ...Show more A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.Show less
CVE-2018-4877 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality....Show more A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.Show less
CVE-2018-6560 2Flatpak Redhat 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 more Nov 21, 2024 Feb 2, 2018 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not ident...Show more In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.Show less
CVE-2018-6485 4Gnu NetappOracle+1 more 15Cloud Backup Communications Session Border ControllerData Ontap Edge+12 more Nov 21, 2024 Feb 1, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too...Show more An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.Show less
CVE-2018-1000001 3Canonical GnuRedhat 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Jan 31, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018-5750 4Canonical DebianLinux+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Jan 26, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-5748 2Debian Redhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Jan 25, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2018-1000007 5Canonical DebianFujitsu+2 more 14Curl Debian LinuxEnterprise Linux Desktop+11 more Nov 21, 2024 Jan 24, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL...Show more libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.Show less
CVE-2018-5683 4Canonical DebianQemu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 23, 2018 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2018-5950 4Canonical DebianGnu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 23, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
CVE-2018-2678 6Canonical DebianHp+3 more 16Debian Linux Enterprise Linux DesktopEnterprise Linux Server+13 more Nov 21, 2024 Jan 18, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:...Show more Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).Show less
CVE-2018-2677 6Canonical DebianHp+3 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more Nov 21, 2024 Jan 18, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable...Show more Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).Show less
CVE-2018-2668 6Canonical DebianMariadb+3 more 15Active Iq Unified Manager Debian LinuxEnterprise Linux Desktop+12 more Nov 21, 2024 Jan 18, 2018 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerab...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less

Previous 1...444546...97 Next