CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux Workstation : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2018-6152 434 2018-12-04 2019-02-05
6.8
None Remote Medium Not required Partial Partial Partial
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
102 CVE-2018-6151 125 2019-01-09 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
103 CVE-2018-6144 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
104 CVE-2018-6141 125 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
105 CVE-2018-6139 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
106 CVE-2018-6127 416 2019-01-09 2019-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
107 CVE-2018-6126 787 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
108 CVE-2018-6124 704 2019-01-09 2019-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
109 CVE-2018-6120 787 Exec Code Overflow 2019-01-09 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
110 CVE-2018-6111 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
111 CVE-2018-6106 19 2019-01-09 2019-01-30
6.8
None Remote Medium Not required Partial Partial Partial
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
112 CVE-2018-6083 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
113 CVE-2018-6067 125 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
114 CVE-2018-6065 787 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
115 CVE-2018-6064 704 2018-11-14 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
116 CVE-2018-6063 787 2018-11-14 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
117 CVE-2018-6062 787 Overflow 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
118 CVE-2018-6060 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
119 CVE-2018-6057 732 Bypass 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
120 CVE-2018-6056 704 Exec Code 2019-01-09 2019-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
121 CVE-2018-6054 416 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
122 CVE-2018-6043 20 2018-09-25 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
123 CVE-2018-6035 200 +Info 2018-09-25 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
124 CVE-2018-6033 20 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
125 CVE-2018-6031 416 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
126 CVE-2018-5805 787 Overflow 2018-12-07 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
127 CVE-2018-5802 125 2018-12-07 2020-11-10
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
128 CVE-2018-5729 476 DoS Bypass 2018-03-06 2021-10-18
6.5
None Remote Low ??? Partial Partial Partial
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
129 CVE-2018-5345 787 Exec Code Overflow 2018-01-12 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
130 CVE-2018-5178 119 Overflow 2018-06-11 2019-03-11
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
131 CVE-2018-5158 94 2018-06-11 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
132 CVE-2018-5146 787 2018-06-11 2019-03-11
6.8
None Remote Medium Not required Partial Partial Partial
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
133 CVE-2018-5130 20 2018-06-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
134 CVE-2018-5127 119 Overflow 2018-06-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
135 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
136 CVE-2018-5007 704 Exec Code 2018-07-20 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
137 CVE-2018-4945 704 Exec Code 2018-07-09 2019-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
138 CVE-2018-3183 2018-10-17 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
139 CVE-2018-3180 DoS 2018-10-17 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
140 CVE-2017-1000407 754 DoS 2017-12-11 2019-05-14
6.1
None Local Network Low Not required None None Complete
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
141 CVE-2017-1000083 Exec Code 2017-09-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
142 CVE-2017-15413 704 2018-08-28 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
143 CVE-2017-15412 416 2018-08-28 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
144 CVE-2017-15411 416 2018-08-28 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
145 CVE-2017-15410 416 2018-08-28 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
146 CVE-2017-15409 119 Overflow 2018-08-28 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
147 CVE-2017-15408 119 Overflow 2018-08-28 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
148 CVE-2017-15407 787 Exec Code 2018-08-28 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
149 CVE-2017-12171 20 2018-07-26 2019-10-09
6.4
None Remote Low Not required Partial Partial None
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
150 CVE-2017-9788 200 DoS +Info 2017-07-13 2021-06-06
6.4
None Remote Low Not required Partial None Partial
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Total number of vulnerabilities : 242   Page : 1 2 3 (This Page)4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.