Vulnerabilities > Redhat > Enterprise Linux Desktop > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7826 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. | 10.0 |
| 2018-05-19 | CVE-2018-4944 | Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. | 10.0 |
| 2018-05-18 | CVE-2018-11236 | Integer Overflow or Wraparound vulnerability in multiple products stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | 9.8 |
| 2018-03-26 | CVE-2018-1312 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. | 9.8 |
| 2018-03-23 | CVE-2018-1000140 | Out-of-bounds Write vulnerability in multiple products rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. | 9.8 |
| 2018-03-20 | CVE-2018-8088 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. | 9.8 |
| 2018-02-06 | CVE-2018-4877 | Use After Free vulnerability in multiple products A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. | 10.0 |
| 2018-01-03 | CVE-2017-18017 | Use After Free vulnerability in multiple products The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 9.8 |
| 2017-12-18 | CVE-2017-16997 | Untrusted Search Path vulnerability in multiple products elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. | 9.3 |
| 2017-12-15 | CVE-2017-17405 | OS Command Injection vulnerability in multiple products Ruby before 2.4.3 allows Net::FTP command injection. | 9.3 |