Redhat

Enterprise Linux Desktop

1928 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.43%
  • Veröffentlicht 10.12.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:35

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

  • EPSS 1.57%
  • Veröffentlicht 10.12.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:35

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Warnung
  • EPSS 96.82%
  • Veröffentlicht 06.12.2019 16:15:11
  • Zuletzt bearbeitet 30.10.2025 19:52:21

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

  • EPSS 2.3%
  • Veröffentlicht 27.11.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:18:40

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul...

  • EPSS 1.49%
  • Veröffentlicht 25.11.2019 15:15:34
  • Zuletzt bearbeitet 21.11.2024 04:25:34

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 0.27%
  • Veröffentlicht 20.11.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:45:53

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

  • EPSS 3.13%
  • Veröffentlicht 14.11.2019 19:15:13
  • Zuletzt bearbeitet 28.05.2026 19:16:28

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • EPSS 2.11%
  • Veröffentlicht 04.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 03:27:24

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

  • EPSS 2.22%
  • Veröffentlicht 04.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 03:27:24

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

Exploit
  • EPSS 8.81%
  • Veröffentlicht 01.11.2019 23:15:10
  • Zuletzt bearbeitet 11.04.2025 14:55:14

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function...