Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16542 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
CVE-2018-16541 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-16540 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
CVE-2018-16539 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
CVE-2018-16511 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
CVE-2018-16509 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 5 more 2024-11-21 9.3 HIGH 7.8 HIGH
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVE-2018-16435 4 Canonical, Debian, Littlecms and 1 more 6 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 3 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16088 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
CVE-2018-16084 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
CVE-2018-16083 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-16082 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2018-16081 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 7.4 HIGH
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.
CVE-2018-16079 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 2.6 LOW 5.3 MEDIUM
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2018-16078 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2018-16076 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
CVE-2018-16071 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
CVE-2018-16068 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2018-16067 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-16066 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.