Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-07 | CVE-2018-5801 | NULL Pointer Dereference vulnerability in multiple products An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | 4.3 |
| 2018-12-07 | CVE-2018-5800 | Off-by-one Error vulnerability in multiple products An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | 4.3 |
| 2018-11-29 | CVE-2018-15978 | Out-of-bounds Read vulnerability in multiple products Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. | 5.0 |
| 2018-11-28 | CVE-2018-12121 | Resource Exhaustion vulnerability in multiple products Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. | 5.0 |
| 2018-11-26 | CVE-2018-14646 | NULL Pointer Dereference vulnerability in Linux Kernel The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. | 4.9 |
| 2018-11-26 | CVE-2018-19535 | Out-of-bounds Read vulnerability in multiple products In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. | 6.5 |
| 2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
| 2018-11-14 | CVE-2018-6082 | Information Exposure vulnerability in multiple products Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | 4.7 |
| 2018-11-14 | CVE-2018-6080 | Improper Privilege Management vulnerability in multiple products Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . | 6.5 |
| 2018-11-14 | CVE-2018-6079 | Information Exposure vulnerability in multiple products Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |