Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2017-18017 | Use After Free vulnerability in multiple products The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 9.8 |
| 2017-12-18 | CVE-2017-16997 | Untrusted Search Path vulnerability in multiple products elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. | 9.3 |
| 2017-12-15 | CVE-2017-17405 | OS Command Injection vulnerability in multiple products Ruby before 2.4.3 allows Net::FTP command injection. | 9.3 |
| 2017-12-09 | CVE-2017-11213 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. | 10.0 |
| 2017-12-09 | CVE-2017-11215 | Use After Free vulnerability in multiple products An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. | 10.0 |
| 2017-12-09 | CVE-2017-11225 | Use After Free vulnerability in multiple products An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. | 10.0 |
| 2017-12-09 | CVE-2017-3112 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. | 10.0 |
| 2017-12-09 | CVE-2017-3114 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. | 10.0 |
| 2017-10-27 | CVE-2017-5053 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. | 9.6 |
| 2017-10-05 | CVE-2017-1000116 | OS Command Injection vulnerability in multiple products Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 10.0 |