Enterprise Linux Workstation

enterprise_linux_workstation

Vendor: Redhat • 1,845 CVEs

CVEs (1,845)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-5762 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVE-2019-5761 3Fedoraproject GoogleRedhat 5Chrome Enterprise Linux DesktopEnterprise Linux Server+2 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5760 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5759 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2019-5758 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5757 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
CVE-2019-5756 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVE-2019-5755 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
CVE-2019-5754 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
CVE-2019-8383 4Advancemame DebianFedoraproject+1 more 6Advancecomp Debian LinuxEnterprise Linux For Power Little Endian+3 more Nov 21, 2024 Feb 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to ca...Show more An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-8379 4Advancemame DebianFedoraproject+1 more 6Advancecomp Debian LinuxEnterprise Linux For Power Little Endian+3 more Nov 21, 2024 Feb 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attack...Show more An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-6974 5Canonical DebianF5+2 more 24Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+21 more Nov 21, 2024 Feb 15, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-8308 3Debian FlatpakRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Feb 12, 2019 N/A· v4 8.2 HIGH· v3 4.4 MEDIUM· v2 Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2018-12549 2Eclipse Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2018-12547 2Eclipse Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. Thi...Show more In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.Show less
CVE-2019-7665 5Canonical DebianElfutils Project+2 more 11Debian Linux ElfutilsEnterprise Linux+8 more Nov 21, 2024 Feb 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash...Show more In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.Show less
CVE-2019-7664 2Elfutils Project Redhat 8Elfutils Enterprise LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Feb 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program...Show more In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).Show less
CVE-2018-18506 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more Nov 21, 2024 Feb 5, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the p...Show more When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.Show less
CVE-2018-18505 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 5, 2019 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is ins...Show more An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.Show less
CVE-2018-18501 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Feb 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.Show less

Previous 1...131415...93 Next