Enterprise Linux Server

enterprise_linux_server

Vendor: Redhat • 1,891 CVEs

CVEs (1,891)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-3863 5Debian Libssh2Netapp+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Dec 19, 2025 Mar 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max charac...Show more A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.Show less
CVE-2019-9948 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Nov 21, 2024 Mar 23, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('l...Show more urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.Show less
CVE-2019-3855 8Apple DebianFedoraproject+5 more 14Debian Linux Enterprise LinuxEnterprise Linux Desktop+11 more Nov 21, 2024 Mar 21, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execut...Show more An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.Show less
CVE-2019-7222 7Canonical DebianFedoraproject+4 more 18Active Iq Performance Analytics Services Debian LinuxElement Software Management Node+15 more Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-7221 7Canonical DebianFedoraproject+4 more 15Active Iq Performance Analytics Services Debian LinuxElement Software Management Node+12 more Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-6454 8Canonical DebianFedoraproject+5 more 22Active Iq Performance Analytics Services Debian LinuxEnterprise Linux+19 more Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An un...Show more An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).Show less
CVE-2019-6116 6Artifex CanonicalDebian+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-3816 4Fedoraproject OpensuseOpenwsman Project+1 more 11Enterprise Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Nov 21, 2024 Mar 14, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this...Show more Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.Show less
CVE-2019-9636 7Canonical DebianFedoraproject+4 more 16Debian Linux Enterprise LinuxEnterprise Linux Desktop+13 more Nov 21, 2024 Mar 8, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, e...Show more Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.Show less
CVE-2018-18498 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vuln...Show more A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18494 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin polic...Show more A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18493 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploit...Show more A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18492 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability aff...Show more A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-12405 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-12397 4Canonical DebianMozilla+1 more 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 25, 2025 Feb 28, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts i...Show more A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.Show less
CVE-2018-12396 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Feb 28, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts...Show more A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.Show less
CVE-2018-12395 4Canonical DebianMozilla+1 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Feb 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted....Show more By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.Show less
CVE-2018-12393 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Feb 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This...Show more A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable to this issue.. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.Show less
CVE-2018-12392 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefo...Show more When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.Show less
CVE-2018-12390 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.Show less

Previous 1...111213...95 Next