Enterprise Linux Workstation Security Vulnerabilities and Issues — Page 37 of Enterprise Linux Workstation CVE List

Lucene search

RedhatEnterprise Linux Workstation

1845 matches found

CVE•added 2016/06/05 11:59 p.m.•62 views

CVE-2016-1685

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

6.5CVSS6.5AI score0.01451EPSS

CVE•added 2016/06/05 11:59 p.m.•62 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.01428EPSS

CVE•added 2016/06/16 2:59 p.m.•62 views

CVE-2016-4131

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2016/06/16 2:59 p.m.•62 views

CVE-2016-4147

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/08/10 2:59 p.m.•62 views

CVE-2016-5408

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-201...

9.8CVSS8.9AI score0.05513EPSS

CVE•added 2008/08/08 7:41 p.m.•61 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS

CVE•added 2012/10/09 11:55 p.m.•61 views

CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

2.1CVSS6AI score0.00039EPSS

CVE•added 2016/06/16 2:59 p.m.•61 views

CVE-2016-4139

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2017/04/11 6:59 p.m.•61 views

CVE-2016-4444

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

7CVSS6.9AI score0.0007EPSS

CVE•added 2018/08/29 1:29 p.m.•61 views

CVE-2018-12826

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.9AI score0.02143EPSS

CVE•added 2018/08/29 1:29 p.m.•61 views

CVE-2018-12828

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.1AI score0.17319EPSS

CVE•added 2016/06/05 11:59 p.m.•60 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS

CVE•added 2010/01/27 5:30 p.m.•59 views

CVE-2009-4272

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash ch...

7.8CVSS6.9AI score0.0181EPSS

CVE•added 2022/09/29 3:15 a.m.•59 views

CVE-2014-0148

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user abl...

5.5CVSS6.5AI score0.00061EPSS

CVE•added 2012/08/29 10:56 a.m.•58 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS

CVE•added 2013/05/16 11:45 a.m.•58 views

CVE-2013-2728

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•58 views

CVE-2013-3332

10CVSS7.7AI score0.03998EPSS

CVE•added 2015/10/09 2:59 p.m.•58 views

CVE-2015-5234

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

6.8CVSS6.8AI score0.0092EPSS

CVE•added 2016/06/05 11:59 p.m.•58 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00847EPSS

CVE•added 2006/10/05 4:4 a.m.•57 views

CVE-2006-5158

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

7.5CVSS7.1AI score0.03256EPSS

CVE•added 2019/11/20 3:15 p.m.•57 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

5.5CVSS5.4AI score0.00026EPSS

CVE•added 2013/05/21 6:55 p.m.•57 views

CVE-2012-6137

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

4.3CVSS7.1AI score0.0025EPSS

CVE•added 2015/10/09 2:59 p.m.•56 views

CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

4.3CVSS6.5AI score0.00938EPSS

CVE•added 2018/06/22 1:29 p.m.•56 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

6.5CVSS6.1AI score0.10986EPSS

CVE•added 2012/11/21 12:55 p.m.•55 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS

CVE•added 2014/05/02 2:55 p.m.•55 views

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

2.1CVSS6.2AI score0.00074EPSS

CVE•added 2016/06/05 11:59 p.m.•55 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS

CVE•added 2013/12/27 1:55 a.m.•54 views

CVE-2011-2519

Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.

5.5CVSS6.8AI score0.00137EPSS

CVE•added 2012/11/21 12:55 p.m.•54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS

CVE•added 2013/05/16 11:45 a.m.•54 views

CVE-2013-3327

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•54 views

CVE-2013-3330

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•53 views

CVE-2013-3324

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•53 views

CVE-2013-3326

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•53 views

CVE-2013-3333

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/02/13 1:55 a.m.•52 views

CVE-2013-0241

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

2.1CVSS6AI score0.00059EPSS

CVE•added 2014/12/25 9:59 p.m.•52 views

CVE-2014-7300

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a...

7.2CVSS7.2AI score0.00044EPSS

CVE•added 2017/04/11 6:59 p.m.•51 views

CVE-2016-4989

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in ...

7CVSS6.8AI score0.0007EPSS

CVE•added 2013/05/16 11:45 a.m.•50 views

CVE-2013-3329

10CVSS7.7AI score0.03998EPSS

CVE•added 2017/04/11 6:59 p.m.•50 views

CVE-2016-4446

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

7CVSS6.9AI score0.0007EPSS

CVE•added 2013/05/16 11:45 a.m.•49 views

CVE-2013-3335

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•48 views

CVE-2013-3325

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•48 views

CVE-2013-3328

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•46 views

CVE-2013-3331

10CVSS7.7AI score0.03998EPSS

CVE•added 2014/11/14 3:59 p.m.•46 views

CVE-2014-8567

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

9.4CVSS6.3AI score0.04434EPSS

CVE•added 2013/05/16 11:45 a.m.•44 views

CVE-2013-3334

10CVSS7.7AI score0.03998EPSS

Total number of security vulnerabilities1845