Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11775 2 Eclipse, Redhat 5 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.
CVE-2019-11235 5 Canonical, Fedoraproject, Freeradius and 2 more 10 Ubuntu Linux, Fedora, Freeradius and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
CVE-2019-11135 9 Canonical, Debian, Fedoraproject and 6 more 304 Ubuntu Linux, Debian Linux, Fedora and 301 more 2024-11-21 2.1 LOW 6.5 MEDIUM
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2024-11-21 7.5 HIGH 8.7 HIGH
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2019-10245 2 Eclipse, Redhat 6 Openj9, Enterprise Linux, Enterprise Linux Desktop and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
CVE-2019-10216 2 Artifex, Redhat 9 Ghostscript, 3scale Api Management, Enterprise Linux and 6 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVE-2019-10182 2 Icedtea-web Project, Redhat 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2024-11-21 5.8 MEDIUM 8.2 HIGH
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
CVE-2019-10168 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10166 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
CVE-2019-10160 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2024-11-21 4.0 MEDIUM 5.0 MEDIUM
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
CVE-2019-10126 6 Canonical, Debian, Linux and 3 more 26 Ubuntu Linux, Debian Linux, Linux Kernel and 23 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
CVE-2019-10086 6 Apache, Debian, Fedoraproject and 3 more 60 Commons Beanutils, Nifi, Debian Linux and 57 more 2024-11-21 7.5 HIGH 7.3 HIGH
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
CVE-2019-1010238 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVE-2019-1000020 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
CVE-2019-1000019 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
CVE-2019-0223 2 Apache, Redhat 11 Qpid, Enterprise Linux Desktop, Enterprise Linux Eus and 8 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
CVE-2019-0217 8 Apache, Canonical, Debian and 5 more 14 Http Server, Ubuntu Linux, Debian Linux and 11 more 2024-11-21 6.0 MEDIUM 7.5 HIGH
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVE-2019-0210 3 Apache, Oracle, Redhat 4 Thrift, Communications Cloud Native Core Network Slice Selection Function, Enterprise Linux Server and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.