Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Workstation Subscriptions
Total 1849 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-8544 2 Apple, Redhat 10 Icloud, Iphone Os, Itunes and 7 more 2024-08-04 8.8 High
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8535 2 Apple, Redhat 9 Icloud, Iphone Os, Itunes and 6 more 2024-08-04 8.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8506 2 Apple, Redhat 10 Icloud, Iphone Os, Itunes and 7 more 2024-08-04 8.8 High
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8383 4 Advancemame, Debian, Fedoraproject and 1 more 7 Advancecomp, Debian Linux, Fedora and 4 more 2024-08-04 7.8 High
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8379 4 Advancemame, Debian, Fedoraproject and 1 more 7 Advancecomp, Debian Linux, Fedora and 4 more 2024-08-04 7.8 High
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8308 3 Debian, Flatpak, Redhat 9 Debian Linux, Flatpak, Enterprise Linux and 6 more 2024-08-04 N/A
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2019-7837 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more 2024-08-04 N/A
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7845 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2024-08-04 8.8 High
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7665 5 Canonical, Debian, Elfutils Project and 2 more 12 Ubuntu Linux, Debian Linux, Elfutils and 9 more 2024-08-04 5.5 Medium
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVE-2019-7664 2 Elfutils Project, Redhat 9 Elfutils, Ansible Tower, Enterprise Linux and 6 more 2024-08-04 5.5 Medium
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7310 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-08-04 7.8 High
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVE-2019-7222 7 Canonical, Debian, Fedoraproject and 4 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2024-08-04 5.5 Medium
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-7221 7 Canonical, Debian, Fedoraproject and 4 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-08-04 N/A
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-7150 5 Canonical, Debian, Elfutils Project and 2 more 12 Ubuntu Linux, Debian Linux, Elfutils and 9 more 2024-08-04 5.5 Medium
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
CVE-2019-6974 5 Canonical, Debian, F5 and 2 more 29 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 26 more 2024-08-04 8.1 High
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-6454 8 Canonical, Debian, Fedoraproject and 5 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2024-08-04 5.5 Medium
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVE-2019-6133 4 Canonical, Debian, Polkit Project and 1 more 12 Ubuntu Linux, Debian Linux, Polkit and 9 more 2024-08-04 N/A
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 12 Ghostscript, Ubuntu Linux, Debian Linux and 9 more 2024-08-04 7.8 High
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-5770 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-08-04 N/A
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-5778 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-08-04 N/A
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.