Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Server
Total 1910 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-8535 2 Apple, Redhat 8 Icloud, Iphone Os, Itunes and 5 more 2024-11-21 9.3 HIGH 8.8 HIGH
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8506 2 Apple, Redhat 9 Icloud, Iphone Os, Itunes and 6 more 2024-11-21 9.3 HIGH 8.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8383 4 Advancemame, Debian, Fedoraproject and 1 more 6 Advancecomp, Debian Linux, Fedora and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8379 4 Advancemame, Debian, Fedoraproject and 1 more 6 Advancecomp, Debian Linux, Fedora and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8308 3 Debian, Flatpak, Redhat 8 Debian Linux, Flatpak, Enterprise Linux Desktop and 5 more 2024-11-21 4.4 MEDIUM 8.2 HIGH
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2019-7845 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7837 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2024-11-21 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7665 5 Canonical, Debian, Elfutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVE-2019-7664 2 Elfutils Project, Redhat 8 Elfutils, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7310 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVE-2019-7222 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-7221 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-7150 5 Canonical, Debian, Elfutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
CVE-2019-6974 5 Canonical, Debian, F5 and 2 more 24 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 21 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-6470 3 Isc, Opensuse, Redhat 6 Bind, Dhcpd, Leap and 3 more 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
CVE-2019-6454 8 Canonical, Debian, Fedoraproject and 5 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVE-2019-6133 4 Canonical, Debian, Polkit Project and 1 more 9 Ubuntu Linux, Debian Linux, Polkit and 6 more 2024-11-21 4.4 MEDIUM 6.7 MEDIUM
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-5782 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5781 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.