Redhat

Enterprise Linux Workstation

1845 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-15127

  • EPSS 15.62%
  • Published 19.12.2018 16:29:00
  • Last modified 21.11.2024 03:50:21

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

6.5

CVE-2018-19039

  • EPSS 9.54%
  • Published 13.12.2018 19:29:00
  • Last modified 21.11.2024 03:57:12

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

5.5

CVE-2018-18397

Exploit
  • EPSS 0.07%
  • Published 12.12.2018 10:29:00
  • Last modified 21.11.2024 03:55:52

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that fil...

6.5

CVE-2018-20097

Exploit
  • EPSS 0.63%
  • Published 12.12.2018 10:29:00
  • Last modified 21.11.2024 04:00:52

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

4.3

CVE-2018-18357

  • EPSS 0.95%
  • Published 11.12.2018 16:29:02
  • Last modified 21.11.2024 03:55:47

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

5.7

CVE-2018-18358

  • EPSS 0.12%
  • Published 11.12.2018 16:29:02
  • Last modified 21.11.2024 03:55:47

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

8.8

CVE-2018-18342

  • EPSS 1.96%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a cra...

6.5

CVE-2018-18344

  • EPSS 1%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted ...

6.5

CVE-2018-18345

  • EPSS 0.75%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

4.3

CVE-2018-18348

  • EPSS 0.95%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.