Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). | 4.7 |
| 2019-10-16 | CVE-2019-2996 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). | 4.2 |
| 2019-10-16 | CVE-2019-2989 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). | 4.3 |
| 2019-10-16 | CVE-2019-2987 | Vulnerability in the Java SE product of Oracle Java SE (component: 2D). | 4.3 |
| 2019-10-16 | CVE-2019-2975 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). | 4.8 |
| 2019-10-16 | CVE-2019-2949 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). | 6.8 |
| 2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10167 | Path Traversal vulnerability in Redhat products The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 4.6 |
| 2019-07-31 | CVE-2019-10182 | Code Injection vulnerability in multiple products It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. | 6.5 |