Redhat

Enterprise Linux Desktop

1928 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-17972

  • EPSS 0.05%
  • Published 03.10.2018 22:29:00
  • Last modified 21.11.2024 03:55:18

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwindi...

6.5

CVE-2018-17581

Exploit
  • EPSS 0.2%
  • Published 28.09.2018 09:29:00
  • Last modified 21.11.2024 03:54:38

CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

5

CVE-2018-14650

Exploit
  • EPSS 0.04%
  • Published 27.09.2018 20:29:00
  • Last modified 21.11.2024 03:49:30

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-coll...

7.8

CVE-2018-14634

Exploit
  • EPSS 3.32%
  • Published 25.09.2018 21:29:00
  • Last modified 21.11.2024 03:49:28

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6...

8.8

CVE-2018-6054

  • EPSS 1.44%
  • Published 25.09.2018 14:29:04
  • Last modified 21.11.2024 04:09:58

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

6.5

CVE-2018-6049

  • EPSS 0.69%
  • Published 25.09.2018 14:29:03
  • Last modified 21.11.2024 04:09:57

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.

6.5

CVE-2018-6050

  • EPSS 0.91%
  • Published 25.09.2018 14:29:03
  • Last modified 21.11.2024 04:09:57

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3

CVE-2018-6051

  • EPSS 0.57%
  • Published 25.09.2018 14:29:03
  • Last modified 21.11.2024 04:09:57

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

4.3

CVE-2018-6052

  • EPSS 0.84%
  • Published 25.09.2018 14:29:03
  • Last modified 21.11.2024 04:09:58

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.

4.3

CVE-2018-6053

  • EPSS 0.17%
  • Published 25.09.2018 14:29:03
  • Last modified 21.11.2024 04:09:58

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.