Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-5754 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
CVE-2019-8912 4Canonical LinuxOpensuse+1 more 4Enterprise Linux LeapLinux Kernel+1 more Nov 21, 2024 Feb 18, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
CVE-2019-8383 4Advancemame DebianFedoraproject+1 more 6Advancecomp Debian LinuxEnterprise Linux For Power Little Endian+3 more Nov 21, 2024 Feb 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to ca...Show more An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-8379 4Advancemame DebianFedoraproject+1 more 6Advancecomp Debian LinuxEnterprise Linux For Power Little Endian+3 more Nov 21, 2024 Feb 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attack...Show more An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.Show less
CVE-2019-6974 5Canonical DebianF5+2 more 24Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+21 more Nov 21, 2024 Feb 15, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-8308 3Debian FlatpakRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Feb 12, 2019 N/A· v4 8.2 HIGH· v3 4.4 MEDIUM· v2 Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2019-5736 13Apache CanonicalD2iq+10 more 19Backports Sle Container Development KitDc/os+16 more Nov 21, 2024 Feb 11, 2019 N/A· v4 8.6 HIGH· v3 9.3 HIGH· v2 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as r...Show more runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.Show less
CVE-2018-12549 2Eclipse Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2018-12547 2Eclipse Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. Thi...Show more In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.Show less
CVE-2019-7665 5Canonical DebianElfutils Project+2 more 11Debian Linux ElfutilsEnterprise Linux+8 more Nov 21, 2024 Feb 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash...Show more In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.Show less
CVE-2019-7664 2Elfutils Project Redhat 8Elfutils Enterprise LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Feb 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program...Show more In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).Show less
CVE-2019-7628 1Redhat 1Pagure Nov 21, 2024 Feb 8, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users....Show more Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)Show less
CVE-2019-7548 5Debian OpensuseOracle+2 more 9Backports Sle Communications Operations MonitorDebian Linux+6 more Nov 21, 2024 Feb 6, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2019-3825 3Canonical GnomeRedhat 3Enterprise Linux Gnome Display ManagerUbuntu Linux Nov 21, 2024 Feb 6, 2019 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which...Show more A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.Show less
CVE-2019-3822 7Canonical DebianHaxx+4 more 16Active Iq Unified Manager Clustered Data OntapCommunications Operations Monitor+13 more Nov 21, 2024 Feb 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates th...Show more libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.Show less
CVE-2018-16890 8Canonical DebianF5+5 more 10Big Ip Access Policy Manager Clustered Data OntapCommunications Operations Monitor+7 more Nov 21, 2024 Feb 6, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incomin...Show more libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.Show less
CVE-2019-1003014 2Jenkins Redhat 2Config File Provider Openshift Container Platform Nov 21, 2024 Feb 6, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configu...Show more An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.Show less
CVE-2019-1003013 2Jenkins Redhat 2Blue Ocean Openshift Container Platform Nov 21, 2024 Feb 6, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkin...Show more An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.Show less
CVE-2019-1003012 2Jenkins Redhat 2Blue Ocean Openshift Container Platform Nov 21, 2024 Feb 6, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-...Show more A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.Show less
CVE-2019-1003011 2Jenkins Redhat 2Openshift Container Platform Token Macro Nov 21, 2024 Feb 6, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmac...Show more An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.Show less

Previous 1...111112113...285 Next