Vulnerabilities > Redhat > Enterprise Linux Workstation > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2017-15418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google redhat debian CWE-119
4.3
2018-08-28 CVE-2017-15417 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
high complexity
google redhat debian CWE-119
5.3
2018-08-28 CVE-2017-15416 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
network
low complexity
redhat debian google CWE-119
6.5
2018-08-28 CVE-2017-15415 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
network
low complexity
debian redhat google CWE-119
6.5
2018-08-22 CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
local
high complexity
gnu redhat canonical fedoraproject debian
5.6
2018-08-22 CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
2018-08-22 CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
2018-08-20 CVE-2018-1656 Path Traversal vulnerability in multiple products
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files.
network
low complexity
ibm redhat oracle CWE-22
6.5
2018-08-20 CVE-2015-5160 Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
local
low complexity
libvirt redhat CWE-200
5.5
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3