Enterprise Linux Workstation
by Red Hat
CVEs (891)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5098 | | High | 0.58 | 8.8 | 0.16 | | Oct 27, 2017 | A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
| CVE-2017-0903 | | Critical | 0.58 | 9.8 | 0.16 | | Oct 11, 2017 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. |
| CVE-2017-14495 | | High | 0.58 | 7.5 | 0.84 | | Oct 3, 2017 | Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. |
| CVE-2017-1000083 | | High | 0.58 | 7.8 | 0.50 | | Sep 5, 2017 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a… |
| CVE-2017-0899 | | Critical | 0.58 | 9.8 | 0.11 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. |
| CVE-2016-9842 | | High | 0.58 | 8.8 | 0.05 | | May 23, 2017 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. |
| CVE-2016-9840 | | High | 0.58 | 8.8 | 0.05 | | May 23, 2017 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
| CVE-2017-3074 | | High | 0.58 | 8.8 | 0.05 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3073 | | High | 0.58 | 8.8 | 0.05 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3072 | | High | 0.58 | 8.8 | 0.05 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3071 | | High | 0.58 | 8.8 | 0.06 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3070 | | High | 0.58 | 8.8 | 0.05 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3069 | | High | 0.58 | 8.8 | 0.05 | | May 9, 2017 | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7865 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7864 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7863 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7862 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7861 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7860 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2016-7859 | | High | 0.58 | 8.8 | 0.07 | | Nov 8, 2016 | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |