Red Hat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs: 1,928
CISA KEV: 56 (actively exploited)
Public exploits: 135
Exploited in wild: 61
Severity breakdown: CRITICAL 345, HIGH 708, MEDIUM 756, LOW 119
Vulnerabilities
CVE-2019-13758 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2019-13742 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2019-13749 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13737 | MEDIUM | CVSS 6.5 | CWE-200 | v6.0 | 2019-12-10
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13753 | MEDIUM | CVSS 6.5 | CWE-125 | v6.0 | 2019-12-10
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13738 | MEDIUM | CVSS 6.5 | CWE-269 | v6.0 | 2019-12-10
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-13755 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
nvd
CVE-2019-13740 | MEDIUM | CVSS 6.5 | CWE-346 | v6.0 | 2019-12-10
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-13743 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2019-13761 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13746 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13762 | LOW | CVSS 3.3 | CWE-667 | v6.0 | 2019-12-10
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
nvd
CVE-2019-5544 | CRITICAL | CVSS 9.8 | CWE-787 | KEV | PoC | v6.0, v7.0 | 2019-12-06
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
nvd
CVE-2019-10216 | HIGH | CVSS 7.8 | CWE-648 | v7.0 | 2019-11-27
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
nvd
CVE-2019-13723 | HIGH | CVSS 8.8 | CWE-416 | v6.0 | 2019-11-25
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2012-6136 | MEDIUM | CVSS 5.5 | CWE-276 | v6.0 | 2019-11-20
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
nvd
CVE-2019-11135 | MEDIUM | CVSS 6.5 | CWE-385 | v7.0 | 2019-11-14
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
nvd
CVE-2017-5332 | HIGH | CVSS 7.8 | CWE-119 | v7.0 | 2019-11-04
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
nvd
CVE-2017-5333 | HIGH | CVSS 7.8 | CWE-190 | v7.0 | 2019-11-04
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
nvd
CVE-2019-6470 | HIGH | CVSS 7.5 | v7.0 | 2019-11-01
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND lib
nvd