Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12614 5Canonical FedoraprojectLinux+2 more 5Enterprise Linux FedoraLeap+2 more Nov 21, 2024 Jun 3, 2019 N/A· v4 4.1 MEDIUM· v3 4.7 MEDIUM· v2 An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial...Show more An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).Show less
CVE-2019-11356 5Canonical CyrusDebian+2 more 8Debian Linux Enterprise LinuxEnterprise Linux Eus+5 more Nov 21, 2024 Jun 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
CVE-2019-3895 2Openstack Redhat 2Octavia Openstack Nov 21, 2024 Jun 3, 2019 N/A· v4 8.0 HIGH· v3 6.8 MEDIUM· v2 An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant...Show more An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.Show less
CVE-2019-3846 7Canonical DebianFedoraproject+4 more 12A700s Firmware Active Iq Unified Manager For Vmware VsphereCn1610 Firmware+9 more Nov 21, 2024 Jun 3, 2019 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2019-10147 1Redhat 1Rkt Nov 21, 2024 Jun 3, 2019 N/A· v4 7.7 HIGH· v3 6.9 MEDIUM· v2 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the application...Show more rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.Show less
CVE-2019-10145 1Redhat 1Rkt Nov 21, 2024 Jun 3, 2019 N/A· v4 7.7 HIGH· v3 6.9 MEDIUM· v2 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applicat...Show more rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.Show less
CVE-2019-10144 1Redhat 1Rkt Nov 21, 2024 Jun 3, 2019 N/A· v4 7.7 HIGH· v3 6.9 MEDIUM· v2 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the application...Show more rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.Show less
CVE-2019-12450 6Canonical DebianFedoraproject+3 more 9Debian Linux Enterprise LinuxEnterprise Linux Eus+6 more Nov 21, 2024 May 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-10143 3Fedoraproject FreeradiusRedhat 3Enterprise Linux FedoraFreeradius Nov 21, 2024 May 24, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by trickin...Show more It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."Show less
CVE-2019-5798 6Canonical DebianGoogle+3 more 7Backports ChromeDebian Linux+4 more Nov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-0201 5Apache DebianNetapp+2 more 10Activemq Debian LinuxDrill+7 more Nov 21, 2024 May 23, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information c...Show more An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.Show less
CVE-2019-7837 2Adobe Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 May 22, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-10132 2Fedoraproject Redhat 2Fedora Libvirt Nov 21, 2024 May 22, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-adm...Show more A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.Show less
CVE-2019-3839 6Artifex CanonicalDebian+3 more 6Debian Linux Enterprise LinuxFedora+3 more Nov 21, 2024 May 16, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have acces...Show more It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.Show less
CVE-2019-0820 2Microsoft Redhat 6.net Core .net FrameworkEnterprise Linux+3 more Nov 21, 2024 May 16, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, C...Show more A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.Show less
CVE-2016-7043 1Redhat 1Kie Server Nov 21, 2024 May 15, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties,...Show more It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.Show less
CVE-2019-11833 5Canonical DebianFedoraproject+2 more 15Debian Linux Enterprise LinuxEnterprise Linux Desktop+12 more Nov 21, 2024 May 15, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the...Show more fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.Show less
CVE-2019-11884 6Canonical DebianFedoraproject+3 more 12Debian Linux Enterprise LinuxEnterprise Linux Eus+9 more Nov 21, 2024 May 10, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a...Show more The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.Show less
CVE-2019-11811 3Linux OpensuseRedhat 9Enterprise Linux Enterprise Linux AusEnterprise Linux Desktop+6 more Nov 21, 2024 May 7, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/ch...Show more An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.Show less
CVE-2019-3894 1Redhat 2Jboss Enterprise Application Platform Wildfly Nov 21, 2024 May 3, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time h...Show more It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.Show less

Previous 1...101102103...285 Next