Red Hat Enterprise Linux Desktop vulnerabilities

1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.

Total CVEs: 1,928
CISA KEV: 56 (actively exploited)
Public exploits: 135
Exploited in wild: 61
Severity breakdown: CRITICAL 345, HIGH 708, MEDIUM 756, LOW 119

Vulnerabilities

Page 3 of 97
CVE-2013-4535 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-20: The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
nvd
CVE-2020-6385 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-754: Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2020-6415 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-787: Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6406 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-416: Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6390 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-787: Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6382 | HIGH | CVSS 8.8 | v6.0 | 2020-02-11
CWE-843: Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6403 | MEDIUM | CVSS 4.3 | v6.0 | 2020-02-11
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6393 | MEDIUM | CVSS 6.5 | v6.0 | 2020-02-11
CWE-862: Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6391 | MEDIUM | CVSS 4.3 | v6.0 | 2020-02-11
CWE-79: Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6396 | MEDIUM | CVSS 4.3 | v6.0 | 2020-02-11
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6394 | MEDIUM | CVSS 5.4 | v6.0 | 2020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6408 | MEDIUM | CVSS 6.5 | v6.0 | 2020-02-11
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
nvd
CVE-2020-6392 | MEDIUM | CVSS 4.3 | v6.0 | 2020-02-11
CWE-79: Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2020-6397 | MEDIUM | CVSS 6.5 | v6.0 | 2020-02-11
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6400 | MEDIUM | CVSS 6.5 | v6.0 | 2020-02-11
CWE-203: Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2012-4512 | HIGH | CVSS 8.8 | PoC | v6.0 | 2020-02-08
CWE-843: The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
nvd
CVE-2019-15605 | CRITICAL | CVSS 9.8 | v7.0 | 2020-02-07
CWE-444: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed.
nvd
CVE-2013-4166 | HIGH | CVSS 7.5 | v6.0 | 2020-02-06
CWE-200: The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
nvd
CVE-2014-8139 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2020-01-31
CWE-787: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
nvd
CVE-2014-8141 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2020-01-31
CWE-787: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
nvd