enterprise linux desktop vulnerabilities and exploits

7.5
CVSSv2
CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via...

5
CVSSv2
CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack....

5.1
CVSSv2
CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon...

4.3
CVSSv2
CVE-2019-11702

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are...

4.6
CVSSv2
CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program...

7.2
CVSSv2
CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the...