Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Enterprise Linux Desktop

288 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16863 2 Artifex, Redhat 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted...
CVE-2018-15688 4 Freedesktop, Canonical, Debian and 1 more 9 Systemd, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
CVE-2018-14649 1 Redhat 5 Ceph-iscsi-cli, Ceph Storage, Enterprise Linux Desktop and 2 more 2019-10-09 10.0
It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in the file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows...
CVE-2017-2640 3 Pidgin, Debian, Redhat 7 Pidgin, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 7.5
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
CVE-2017-2634 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-10-09 7.8
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory...
CVE-2017-15101 2 Redhat, Liblouis 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 3 more 2019-10-09 7.5
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
CVE-2017-0903 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 7.5
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to...
CVE-2017-0899 3 Rubygems, Debian, Redhat 8 Rubygems, Debian Linux, Enterprise Linux Desktop and 5 more 2019-10-09 7.5
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2017-5456 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2019-10-03 7.5
A mechanism exists to bypass file system access protections in the sandbox by using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1...
CVE-2017-1000116 3 Mercurial, Debian, Redhat 8 Mercurial, Debian Linux, Enterprise Linux Desktop and 5 more 2019-10-03 10.0
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2018-14354 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-12825 2 Adobe, Redhat 4 Flash Player, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-03 7.5
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
CVE-2017-5390 3 Mozilla, Debian, Redhat 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-10-03 7.5
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox...
CVE-2017-5386 3 Mozilla, Debian, Redhat 9 Firefox, Firefox Esr, Debian Linux and 6 more 2019-10-03 7.5
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR <...
CVE-2018-1111 2 Redhat, Fedoraproject 7 Enterprise Virtualization, Enterprise Virtualization Host, Fedora and 4 more 2019-10-03 7.9
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local...
CVE-2017-9462 4 Mercurial-scm, Mercurial, Debian and 1 more 9 Mercurial, Mercurial, Debian Linux and 6 more 2019-10-03 9.0
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
CVE-2018-14357 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.