enterprise linux desktop vulnerabilities and exploits

NA
CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE....

NA
CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network...

NA
CVE-2019-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with...

NA
CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....

NA
CVE-2011-3145

When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private....

NA
CVE-2019-7096

Adobe Flash Player could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a crash and possibly execute...

NA
CVE-2019-7108

Adobe Flash Player could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information....

5
CVSSv2
CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response....

NA
CVE-2019-5795

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in PDFium. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system....

NA
CVE-2019-5794

Debian: CVE-2019-5794: chromium -- security update...