| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-11307 |
2 Fasterxml, Redhat |
2 Jackson-databind, Enterprise Linux |
2019-07-22 |
7.5 |
| An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. |
| CVE-2019-10164 |
2 Postgresql, Redhat |
2 Postgresql, Enterprise Linux |
2019-07-21 |
9.0 |
| PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This... |
| CVE-2018-8778 |
4 Ruby-lang, Canonical, Debian and 1 more |
4 Ruby, Ubuntu Linux, Debian Linux and 1 more |
2019-07-21 |
5.0 |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack... |
| CVE-2018-8777 |
4 Ruby-lang, Debian, Canonical and 1 more |
4 Ruby, Debian Linux, Ubuntu Linux and 1 more |
2019-07-21 |
5.0 |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a... |
| CVE-2018-6914 |
4 Ruby-lang, Canonical, Debian and 1 more |
4 Ruby, Ubuntu Linux, Debian Linux and 1 more |
2019-07-21 |
5.0 |
| Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or... |
| CVE-2018-16396 |
4 Ruby-lang, Canonical, Debian and 1 more |
4 Ruby, Ubuntu Linux, Debian Linux and 1 more |
2019-07-21 |
6.8 |
| An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. |
| CVE-2019-10193 |
4 Redhat, Redislabs, Canonical and 1 more |
5 Openstack, Redis, Ubuntu Linux and 2 more |
2019-07-19 |
6.5 |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to... |
| CVE-2019-10192 |
4 Redhat, Redislabs, Canonical and 1 more |
5 Openstack, Redis, Ubuntu Linux and 2 more |
2019-07-19 |
6.5 |
| A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick... |
| CVE-2018-18311 |
7 Perl, Canonical, Debian and 4 more |
17 Perl, Ubuntu Linux, Debian Linux and 14 more |
2019-07-16 |
7.5 |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2019-10183 |
1 Redhat |
2 Virt-manager, Enterprise Linux |
2019-07-12 |
2.1 |
| Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on... |
| CVE-2019-11479 |
5 F5, Pulsesecure, Redhat and 2 more |
24 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 21 more |
2019-06-20 |
5.0 |
| Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a... |
| CVE-2019-11478 |
5 F5, Pulsesecure, Redhat and 2 more |
25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more |
2019-06-20 |
5.0 |
| Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a... |
| CVE-2019-11477 |
5 F5, Pulsesecure, Redhat and 2 more |
25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more |
2019-06-20 |
7.8 |
| Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service.... |
| CVE-2012-6711 |
2 Gnu, Redhat |
2 Bash, Enterprise Linux |
2019-06-20 |
4.6 |
| A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data... |
| CVE-2017-5645 |
4 Apache, Netapp, Oracle and 1 more |
59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more |
2019-06-19 |
7.5 |
| In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. |
| CVE-2018-16838 |
2 Fedoraproject, Redhat |
3 Sssd, Enterprise Linux, Virtualization |
2019-06-18 |
5.5 |
| A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. |
| CVE-2019-9213 |
5 Linux, Debian, Canonical and 2 more |
5 Linux Kernel, Debian Linux, Ubuntu Linux and 2 more |
2019-06-17 |
4.9 |
| In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability... |
| CVE-2019-10160 |
2 Python, Redhat |
2 Python, Enterprise Linux |
2019-06-17 |
5.0 |
| A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit... |
| CVE-2019-7221 |
7 Fedoraproject, Linux, Opensuse and 4 more |
16 Fedora, Linux Kernel, Leap and 13 more |
2019-06-15 |
4.6 |
| The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. |
| CVE-2013-1813 |
3 Redhat, Busybox, T-mobile |
3 Busybox, Tm-ac1900, Enterprise Linux |
2019-06-13 |
7.2 |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. |
