| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2016-2183 |
5 Python, Openssl, Cisco and 2 more |
8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more |
2019-05-20 |
5.0 |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a... |
| CVE-2019-9636 |
4 Python, Fedoraproject, Redhat and 1 more |
10 Python, Fedora, Enterprise Linux Desktop and 7 more |
2019-05-17 |
5.0 |
| Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached... |
| CVE-2019-3900 |
3 Fedoraproject, Linux, Redhat |
3 Fedora, Linux Kernel, Enterprise Linux |
2019-05-17 |
6.8 |
| An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A... |
| CVE-2019-3880 |
5 Redhat, Samba, Debian and 2 more |
6 Gluster Storage, Samba, Debian Linux and 3 more |
2019-05-15 |
5.5 |
| A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to... |
| CVE-2018-10850 |
3 Fedoraproject, Debian, Redhat |
9 389 Directory Server, Debian Linux, Enterprise Linux and 6 more |
2019-05-15 |
7.1 |
| 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. |
| CVE-2017-15134 |
2 Redhat, Fedoraproject |
5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more |
2019-05-15 |
5.0 |
| A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make... |
| CVE-2018-3665 |
7 Arm, Intel, Canonical and 4 more |
15 Cortex-a, Core I3, Core I5 and 12 more |
2019-05-14 |
4.7 |
| System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
| CVE-2018-16884 |
4 Redhat, Linux, Debian and 1 more |
5 Enterprise Mrg, Linux Kernel, Enterprise Linux and 2 more |
2019-05-14 |
6.7 |
| A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious... |
| CVE-2019-0217 |
6 Apache, Canonical, Debian and 3 more |
6 Http Server, Ubuntu Linux, Debian Linux and 3 more |
2019-05-14 |
6.0 |
| In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. |
| CVE-2019-11235 |
5 Freeradius, Fedoraproject, Redhat and 2 more |
10 Freeradius, Fedora, Enterprise Linux and 7 more |
2019-05-13 |
7.5 |
| FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a... |
| CVE-2019-11234 |
4 Freeradius, Fedoraproject, Redhat and 1 more |
4 Freeradius, Fedora, Enterprise Linux and 1 more |
2019-05-13 |
7.5 |
| FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. |
| CVE-2019-9213 |
5 Linux, Debian, Canonical and 2 more |
5 Linux Kernel, Debian Linux, Ubuntu Linux and 2 more |
2019-05-13 |
4.9 |
| In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability... |
| CVE-2019-5736 |
10 Docker, Google, Linuxcontainers and 7 more |
12 Docker, Kubernetes Engine, Lxc and 9 more |
2019-05-13 |
9.3 |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these... |
| CVE-2018-1129 |
4 Ceph, Redhat, Debian and 1 more |
10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more |
2019-05-13 |
3.3 |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol.... |
| CVE-2019-7221 |
7 Fedoraproject, Linux, Opensuse and 4 more |
16 Fedora, Linux Kernel, Leap and 13 more |
2019-05-13 |
4.6 |
| The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. |
| CVE-2018-1128 |
4 Ceph, Redhat, Debian and 1 more |
10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more |
2019-05-13 |
5.4 |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to... |
| CVE-2018-1000026 |
4 Linux, Canonical, Debian and 1 more |
8 Linux Kernel, Ubuntu Linux, Debian Linux and 5 more |
2019-05-10 |
6.8 |
| Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack... |
| CVE-2016-8612 |
3 Apache, Redhat, Netapp |
3 Http Server, Enterprise Linux, Storage Automation Store |
2019-05-10 |
3.3 |
| Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. |
| CVE-2018-3693 |
6 Arm, Intel, Netapp and 3 more |
37 Cortex-a, Cortex-r, Atom C and 34 more |
2019-05-10 |
4.7 |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. |
| CVE-2018-16888 |
3 Freedesktop, Netapp, Redhat |
4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more |
2019-05-10 |
1.9 |
| It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to... |
