Enterprise Linux Workstation

enterprise_linux_workstation

Vendor: Redhat • 1,845 CVEs

CVEs (1,845)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15423 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
CVE-2017-15422 5Canonical DebianGoogle+2 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to p...Show more Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.Show less
CVE-2017-15420 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15419 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
CVE-2017-15418 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-15417 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2017-15416 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
CVE-2017-15415 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
CVE-2017-15413 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15412 4Debian GoogleRedhat+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15411 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2017-15410 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2017-15409 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15408 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
CVE-2017-15407 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
CVE-2018-15911 5Artifex CanonicalDebian+2 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Aug 28, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
CVE-2018-15910 5Artifex CanonicalDebian+2 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Aug 27, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
CVE-2018-15909 5Artifex CanonicalDebian+2 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Aug 27, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
CVE-2018-15908 4Artifex CanonicalDebian+1 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Aug 27, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
CVE-2011-2767 4Apache CanonicalDebian+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Aug 26, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code fo...Show more mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.Show less

Previous 1...282930...93 Next