Enterprise Linux Desktop Security Vulnerabilities and Issues — Page 6 of Enterprise Linux Desktop CVE List

Lucene search

RedhatEnterprise Linux Desktop

282 matches found

CVE•added 2019/01/09 7:29 p.m.•105 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS7.1AI score0.0077EPSS

CVE•added 2019/06/12 4:29 p.m.•105 views

CVE-2019-7845

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

8.8CVSS8.8AI score0.02356EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-16066

A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.3AI score0.01496EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-16067

A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.3AI score0.0138EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.5AI score0.0122EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-6110

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

5.8CVSS6AI score0.00963EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-6135

Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS5.7AI score0.00963EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-6144

Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

8.8CVSS6AI score0.01655EPSS

CVE•added 2019/01/09 7:29 p.m.•104 views

CVE-2018-6170

A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.3AI score0.01655EPSS

CVE•added 2019/01/09 7:29 p.m.•103 views

CVE-2018-16088

A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.

6.5CVSS6.7AI score0.00429EPSS

CVE•added 2019/01/09 7:29 p.m.•100 views

CVE-2018-6109

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

6.5CVSS6.4AI score0.00844EPSS

CVE•added 2019/01/09 7:29 p.m.•99 views

CVE-2018-6174

Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.3AI score0.02016EPSS

CVE•added 2019/01/09 7:29 p.m.•97 views

CVE-2018-6151

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.

8.8CVSS8AI score0.00676EPSS

CVE•added 2019/01/09 7:29 p.m.•97 views

CVE-2018-6169

Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.

6.5CVSS6.4AI score0.0082EPSS

CVE•added 2019/01/09 7:29 p.m.•94 views

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.2AI score0.01391EPSS

CVE•added 2019/10/17 6:15 p.m.•94 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

9.1CVSS9AI score0.005EPSS

CVE•added 2019/01/09 7:29 p.m.•93 views

CVE-2018-17461

An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8AI score0.00377EPSS

CVE•added 2019/11/04 9:15 p.m.•91 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS

CVE•added 2019/01/09 7:29 p.m.•91 views

CVE-2018-6162

Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.0161EPSS

CVE•added 2019/01/09 7:29 p.m.•90 views

CVE-2018-6117

Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00992EPSS

CVE•added 2019/02/11 3:29 p.m.•89 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

9.8CVSS6.2AI score0.00762EPSS

CVE•added 2019/11/04 9:15 p.m.•88 views

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.6AI score0.00272EPSS

CVE•added 2019/05/22 7:29 p.m.•87 views

CVE-2019-7837

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.01421EPSS

CVE•added 2019/01/09 7:29 p.m.•86 views

CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.9AI score0.56491EPSS

CVE•added 2019/01/09 7:29 p.m.•86 views

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.

6.5CVSS6.3AI score0.00963EPSS

CVE•added 2019/01/09 7:29 p.m.•84 views

CVE-2018-6147

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

5.5CVSS5AI score0.00029EPSS

CVE•added 2019/01/09 7:29 p.m.•80 views

CVE-2018-6113

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.2AI score0.00963EPSS

CVE•added 2019/07/30 2:15 p.m.•77 views

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the mod...

7.4CVSS8.2AI score0.01505EPSS

CVE•added 2019/01/09 7:29 p.m.•65 views

CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

7.8CVSS7.8AI score0.0013EPSS

CVE•added 2019/05/07 2:29 p.m.•65 views

CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

7CVSS6.6AI score0.00049EPSS

CVE•added 2019/01/09 7:29 p.m.•64 views

CVE-2018-6100

Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.4AI score0.00963EPSS

CVE•added 2019/11/20 3:15 p.m.•57 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

5.5CVSS5.4AI score0.00026EPSS

Total number of security vulnerabilities282