Vulnerabilities > Redhat > Enterprise Linux Desktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-25 | CVE-2018-6036 | Improper Input Validation vulnerability in multiple products Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6035 | Information Exposure vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 8.8 |
| 2018-09-25 | CVE-2018-6034 | Out-of-bounds Read vulnerability in multiple products Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.1 |
| 2018-09-25 | CVE-2018-6033 | Improper Input Validation vulnerability in multiple products Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. | 8.8 |
| 2018-09-25 | CVE-2018-6032 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6031 | Use After Free vulnerability in multiple products Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
| 2018-09-25 | CVE-2018-15967 | Information Exposure vulnerability in multiple products Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. | 7.5 |
| 2018-09-25 | CVE-2018-14647 | Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. | 7.5 |
| 2018-09-19 | CVE-2018-17183 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | 7.8 |
| 2018-09-17 | CVE-2018-11781 | Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | 7.8 |