Vulnerabilities > Redhat > Enterprise Linux Desktop > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
7.5
2018-06-11 CVE-2016-9902 Origin Validation Error vulnerability in multiple products
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events.
network
low complexity
redhat mozilla CWE-346
7.5
2018-06-11 CVE-2016-9900 7PK - Security Features vulnerability in multiple products
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs.
network
low complexity
debian redhat mozilla CWE-254
7.5
2018-06-11 CVE-2016-9079 Use After Free vulnerability in multiple products
A use-after-free vulnerability in SVG Animation has been discovered.
network
low complexity
debian redhat mozilla torproject CWE-416
7.5
2018-06-08 CVE-2018-12020 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option.
network
low complexity
redhat canonical debian gnupg CWE-706
7.5
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
7.8
2018-05-23 CVE-2018-1124 Integer Overflow or Wraparound vulnerability in multiple products
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function.
7.8
2018-05-18 CVE-2018-11237 Out-of-bounds Write vulnerability in multiple products
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
local
low complexity
gnu redhat oracle netapp canonical CWE-787
7.8
2018-05-17 CVE-2018-1111 DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client.
high complexity
fedoraproject redhat
7.5
2018-05-15 CVE-2018-1087 kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.
local
low complexity
linux canonical debian redhat
7.8