enterprise linux desktop vulnerabilities and exploits

5.8
CVSSv2
CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of...

NA
CVE-2019-1125

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in how the CPU speculatively accesses memory. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and...

7.2
CVSSv2
CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free...

5.1
CVSSv2
CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon...

NA
CVE-2019-10216

Artifex Ghostscript could allow a remote attacker to gain elevated privileges on the system, caused by improperly secured privileged calls in the .buildfont1 procedure. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to bypass...

NA
CVE-2019-5858

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient filtering of Open URL service parameters. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to...

NA
CVE-2019-5857

Google Chrome is vulnerable to a denial of service, caused by a comparison of -0 and null. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to cause a denial of service....

NA
CVE-2019-5865

Google Chrome could allow a remote attacker to bypass security restrictions, caused by a site isolation bypass from a compromised renderer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to the...

NA
CVE-2019-5854

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in PDFium text rendering. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on...

NA
CVE-2019-5861

Google Chrome could allow a remote attacker to bypass security restrictions, caused by an error where click location is incorrectly checked. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to...