Redhat: >> Enterprise Linux Desktop Security Vulnerabilities
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVSS Score
7.8
EPSS Score
0.924
Published
2018-09-05
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-09-05
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
CVSS Score
6.5
EPSS Score
0.046
Published
2018-09-04
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-09-04
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-09-03
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
CVSS Score
5.3
EPSS Score
0.026
Published
2018-08-30
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
CVSS Score
9.8
EPSS Score
0.15
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.021
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.268
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.15
Published
2018-08-29