Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Desktop
Total 1884 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5131 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2019-03-08 4.3 MEDIUM 5.9 MEDIUM
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVE-2018-5144 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox Esr and 6 more 2019-03-08 7.5 HIGH 7.3 HIGH
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
CVE-2018-5130 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2019-03-08 6.8 MEDIUM 8.8 HIGH
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVE-2018-5750 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2019-03-07 2.1 LOW 5.5 MEDIUM
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-5000 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4945 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5001 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-16541 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-16539 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
CVE-2018-6927 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2019-03-06 4.6 MEDIUM 7.8 HIGH
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2018-10119 4 Canonical, Debian, Libreoffice and 1 more 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more 2019-03-05 6.8 MEDIUM 7.8 HIGH
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
CVE-2018-17466 4 Canonical, Debian, Google and 1 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2019-03-05 6.8 MEDIUM 8.8 HIGH
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-7549 3 Canonical, Redhat, Zsh 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-03-04 5.0 MEDIUM 7.5 HIGH
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2018-12390 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2019-03-01 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
CVE-2018-12389 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox Esr and 7 more 2019-03-01 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
CVE-2018-12397 4 Canonical, Debian, Mozilla and 1 more 8 Ubuntu Linux, Debian Linux, Firefox and 5 more 2019-03-01 3.6 LOW 7.1 HIGH
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
CVE-2018-6152 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-02-05 6.8 MEDIUM 9.6 CRITICAL
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
CVE-2018-6091 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-01-30 4.3 MEDIUM 6.5 MEDIUM
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6096 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-01-30 4.3 MEDIUM 6.5 MEDIUM
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
CVE-2018-6100 4 Apple, Debian, Google and 1 more 6 Mac Os X, Debian Linux, Chrome and 3 more 2019-01-30 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.