Enterprise Linux Server

enterprise_linux_server

Vendor: Redhat • 1,891 CVEs

CVEs (1,891)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-12389 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be...Show more Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.Show less
CVE-2019-1559 13Canonical DebianF5+10 more 82A220 Firmware A320 FirmwareA800 Firmware+79 more Nov 21, 2024 Feb 27, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte r...Show more If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).Show less
CVE-2019-5782 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5781 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5780 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5779 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-5778 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension...Show more A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.Show less
CVE-2019-5777 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5776 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5775 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5774 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary...Show more Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.Show less
CVE-2019-5773 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
CVE-2019-5772 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2019-5771 3Fedoraproject GoogleRedhat 5Chrome Enterprise Linux DesktopEnterprise Linux Server+2 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2019-5770 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-5769 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5768 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chr...Show more DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.Show less
CVE-2019-5767 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web...Show more Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.Show less
CVE-2019-5766 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5765 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

Previous 1...121314...95 Next