Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-08 | CVE-2018-19107 | Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 6.5 |
2018-11-07 | CVE-2018-19058 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
2018-11-02 | CVE-2018-18897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
2018-10-31 | CVE-2016-2125 | Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. | 6.5 |
2018-10-26 | CVE-2018-15688 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. | 5.8 |
2018-10-23 | CVE-2018-18585 | NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 4.3 |
2018-10-19 | CVE-2018-18521 | Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 4.3 |
2018-10-19 | CVE-2018-18520 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. | 4.3 |
2018-10-18 | CVE-2018-12387 | Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. | 6.4 |
2018-10-18 | CVE-2018-12386 | Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. | 5.8 |