Linux Desktop Red Hat Linux Desktop

Do you want an email whenever new security vulnerabilities are reported in Red Hat Linux Desktop?

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Linux Desktop . Linux Desktop did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 45 7.55

It may take a day or so for new Linux Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Linux Desktop Security Vulnerabilities

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80

CVE-2018-18359 8.8 - High - December 11, 2018

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Out-of-bounds Read

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98

CVE-2018-17481 8.8 - High - December 11, 2018

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80

CVE-2018-18336 8.8 - High - December 11, 2018

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80

CVE-2018-18337 8.8 - High - December 11, 2018

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80

CVE-2018-18338 8.8 - High - December 11, 2018

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80

CVE-2018-18339 8.8 - High - December 11, 2018

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80

CVE-2018-18340 8.8 - High - December 11, 2018

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80

CVE-2018-18341 8.8 - High - December 11, 2018

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80

CVE-2018-18343 8.8 - High - December 11, 2018

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80

CVE-2018-18346 6.5 - Medium - December 11, 2018

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80

CVE-2018-18347 8.8 - High - December 11, 2018

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

Improper Input Validation

Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117

CVE-2018-6102 4.3 - Medium - December 04, 2018

Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Improper Input Validation

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117

CVE-2018-6116 6.5 - Medium - December 04, 2018

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

NULL Pointer Dereference

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117

CVE-2018-6108 6.5 - Medium - December 04, 2018

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117

CVE-2018-6107 6.5 - Medium - December 04, 2018

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117

CVE-2018-6105 6.5 - Medium - December 04, 2018

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117

CVE-2018-6104 6.5 - Medium - December 04, 2018

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117

CVE-2018-6103 6.5 - Medium - December 04, 2018

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117

CVE-2018-6101 7.5 - High - December 04, 2018

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

Improper Input Validation

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117

CVE-2018-6099 6.5 - Medium - December 04, 2018

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

Information Disclosure

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117

CVE-2018-6095 6.5 - Medium - December 04, 2018

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.

Information Disclosure

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117

CVE-2018-6085 8.8 - High - December 04, 2018

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Dangling pointer

A double-eviction in the Incognito mode cache

CVE-2018-6086 8.8 - High - December 04, 2018

A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Dangling pointer

A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117

CVE-2018-6087 8.8 - High - December 04, 2018

A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Dangling pointer

An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117

CVE-2018-6088 8.8 - High - December 04, 2018

An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Improper Input Validation

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117

CVE-2018-6089 6.5 - Medium - December 04, 2018

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

Improper Input Validation

An integer overflow

CVE-2018-6090 8.8 - High - December 04, 2018

An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Integer Overflow or Wraparound

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117

CVE-2018-6092 8.8 - High - December 04, 2018

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Integer Overflow or Wraparound

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117

CVE-2018-6094 8.8 - High - December 04, 2018

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117

CVE-2018-6098 6.5 - Medium - December 04, 2018

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146

CVE-2018-6069 6.5 - Medium - November 14, 2018

Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Memory Corruption

An integer overflow in Skia in Google Chrome prior to 65.0.3325.146

CVE-2018-6071 8.8 - High - November 14, 2018

An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Integer Overflow or Wraparound

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146

CVE-2018-6072 8.8 - High - November 14, 2018

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146

CVE-2018-6073 8.8 - High - November 14, 2018

A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Memory Corruption

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146

CVE-2018-6074 8.8 - High - November 14, 2018

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.

Improper Input Validation

Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146

CVE-2018-6068 4.3 - Medium - November 14, 2018

Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Improper Input Validation

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146

CVE-2018-6075 6.5 - Medium - November 14, 2018

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.

Information Disclosure

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146

CVE-2018-6076 6.1 - Medium - November 14, 2018

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.

XSS

XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146

CVE-2018-6081 6.1 - Medium - November 14, 2018

XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.

XSS

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67

CVE-2018-17473 4.3 - Medium - November 14, 2018

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67

CVE-2018-17469 8.8 - High - November 14, 2018

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Out-of-bounds Read

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67

CVE-2018-17464 4.3 - Medium - November 14, 2018

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64

CVE-2018-17463 8.8 - High - November 14, 2018

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67

CVE-2018-17462 9.6 - Critical - November 14, 2018

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

Dangling pointer

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146

CVE-2018-6066 6.5 - Medium - November 14, 2018

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Linux Workstation or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe