Enterprise Linux Desktop
by Red Hat
CVEs (999)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11215 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --… | ||
| CVE-2017-11213 | Cri | 0.64 | 9.8 | 0.07 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an… | ||
| CVE-2017-14746 | Cri | 0.64 | 9.8 | 0.10 | Nov 27, 2017 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | ||
| CVE-2017-1000116 | Cri | 0.64 | 9.8 | 0.06 | Oct 5, 2017 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | ||
| CVE-2017-12987 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | ||
| CVE-2017-12902 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | ||
| CVE-2017-12899 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | ||
| CVE-2017-12896 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | ||
| CVE-2017-14064 | Cri | 0.64 | 9.8 | 0.09 | Aug 31, 2017 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of… | ||
| CVE-2017-9788 | Cri | 0.64 | 9.1 | 0.57 | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment… | ||
| CVE-2016-7050 | Cri | 0.64 | 9.8 | 0.05 | Jun 8, 2017 | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | ||
| CVE-2016-5405 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2017 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | ||
| CVE-2016-9843 | Cri | 0.64 | 9.8 | 0.06 | May 23, 2017 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | ||
| CVE-2016-9841 | Cri | 0.64 | 9.8 | 0.07 | May 23, 2017 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||
| CVE-2017-5205 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | ||
| CVE-2017-5204 | Cri | 0.64 | 9.8 | 0.06 | Jan 28, 2017 | The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | ||
| CVE-2017-5203 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | ||
| CVE-2017-5202 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | ||
| CVE-2016-9636 | Cri | 0.64 | 9.8 | 0.09 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond… | ||
| CVE-2016-9635 | Cri | 0.64 | 9.8 | 0.09 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond… |
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an…
- risk 0.64cvss 9.8epss 0.10
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
- risk 0.64cvss 9.8epss 0.06
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
- risk 0.64cvss 9.8epss 0.03
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
- risk 0.64cvss 9.8epss 0.03
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
- risk 0.64cvss 9.8epss 0.03
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
- risk 0.64cvss 9.8epss 0.03
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
- risk 0.64cvss 9.8epss 0.09
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…
- risk 0.64cvss 9.1epss 0.57
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment…
- risk 0.64cvss 9.8epss 0.05
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
- risk 0.64cvss 9.8epss 0.06
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
- risk 0.64cvss 9.8epss 0.07
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- risk 0.64cvss 9.8epss 0.04
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
- risk 0.64cvss 9.8epss 0.06
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
- risk 0.64cvss 9.8epss 0.04
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
- risk 0.64cvss 9.8epss 0.04
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond…
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond…
Page 4 of 50