Redhat Enterprise Linux Workstation vulnerabilities

1,845 known vulnerabilities affecting redhat/enterprise_linux_workstation.

Total CVEs

1,845

CISA KEV

actively exploited

Public exploits

130

Exploited in wild

Severity breakdown

CRITICAL335HIGH699MEDIUM713LOW98

Vulnerabilities

Page 3 of 93

CVE-2020-10531HIGHCVSS 8.8v6.02020-03-12

CVE-2020-10531 [HIGH] CWE-190 CVE-2020-10531: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An int An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

nvd

CVE-2020-6384HIGHCVSS 8.8v6.02020-02-27

CVE-2020-6384 [HIGH] CWE-416 CVE-2020-6384: Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to pote Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6418HIGHCVSS 8.8KEVPoCv6.02020-02-27

CVE-2020-6418 [HIGH] CWE-843 CVE-2020-6418: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentiall Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6383HIGHCVSS 8.8v6.02020-02-27

CVE-2020-6383 [HIGH] CWE-843 CVE-2020-6383: Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentiall Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6386HIGHCVSS 8.8v6.02020-02-27

CVE-2020-6386 [HIGH] CWE-416 CVE-2020-6386: Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potent Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-3757HIGHCVSS 8.8v6.02020-02-13

CVE-2020-3757 [HIGH] CWE-843 CVE-2020-3757: Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

nvd

CVE-2020-8945HIGHCVSS 7.5v7.02020-02-12

CVE-2020-8945 [HIGH] CWE-416 CVE-2020-8945: The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated b The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

nvd

CVE-2020-6402HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6402 [HIGH] CWE-20 CVE-2020-6402: Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

nvd

CVE-2020-6404HIGHCVSS 8.8PoCv6.02020-02-11

CVE-2020-6404 [HIGH] CWE-787 CVE-2020-6404: Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attack Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6381HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6381 [HIGH] CWE-190 CVE-2020-6381: Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowe Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6398HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6398 [HIGH] CWE-908 CVE-2020-6398: Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

nvd

CVE-2020-6416HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6416 [HIGH] CWE-20 CVE-2020-6416: Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote atta Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2013-4535HIGHCVSS 8.8v6.02020-02-11

CVE-2013-4535 [HIGH] CWE-20 CVE-2013-4535: The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

nvd

CVE-2020-6385HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6385 [HIGH] CWE-754 CVE-2020-6385: Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote a Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

nvd

CVE-2020-6415HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6415 [HIGH] CWE-787 CVE-2020-6415: Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote a Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6406HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6406 [HIGH] CWE-416 CVE-2020-6406: Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentia Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6390HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6390 [HIGH] CWE-787 CVE-2020-6390: Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attac Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6382HIGHCVSS 8.8v6.02020-02-11

CVE-2020-6382 [HIGH] CWE-843 CVE-2020-6382: Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to pot Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2020-6403MEDIUMCVSS 4.3v6.02020-02-11

CVE-2020-6403 [MEDIUM] CVE-2020-6403: Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote a Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

nvd

CVE-2020-6393MEDIUMCVSS 6.5v6.02020-02-11

CVE-2020-6393 [MEDIUM] CWE-862 CVE-2020-6393: Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote att Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

nvd

← Previous3 / 93Next →