Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Mrg Realtime
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9506 8 Apple, Blackberry, Canonical and 5 more 274 Iphone Os, Mac Os X, Tvos and 271 more 2024-11-21 4.8 MEDIUM 8.1 HIGH
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-16871 3 Linux, Netapp, Redhat 28 Linux Kernel, Cloud Backup, H300e and 25 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVE-2018-13405 6 Canonical, Debian, F5 and 3 more 27 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 24 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVE-2017-18344 3 Canonical, Linux, Redhat 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 29 Eos, Ubuntu Linux, Debian Linux and 26 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2014-7283 2 Linux, Redhat 2 Linux Kernel, Mrg Realtime 2024-11-21 4.9 MEDIUM N/A
The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.
CVE-2009-3620 6 Canonical, Fedoraproject, Linux and 3 more 8 Ubuntu Linux, Fedora, Linux Kernel and 5 more 2024-11-21 4.9 MEDIUM 7.8 HIGH
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVE-2009-3547 8 Canonical, Fedoraproject, Linux and 5 more 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.