enterprise linux workstation vulnerabilities and exploits

5.8
CVSSv2
CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of...

NA
CVE-2019-1125

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when the CPU speculatively accesses memory. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and...

7.2
CVSSv2
CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free...

NA
CVE-2019-10216

Artifex Ghostscript could allow a remote attacker to gain elevated privileges on the system, caused by improper secure privileged calls in the .buildfont1 procedure. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to bypass...

2.1
CVSSv2
CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the end of the deployment procedure, these files are...

2.1
CVSSv2
CVE-2019-0161

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access....

NA
CVE-2019-5852

Google Chrome could allow a remote attacker to obtain sensitive information, caused by an object leak of utility functions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information....

NA
CVE-2019-5858

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient filtering of Open URL service parameters. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to...

NA
CVE-2019-5850

Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. CVE-2019-5807 TimGMichaud discovered...

NA
CVE-2019-5854

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in PDFium text rendering. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on...