Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

661 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11307 2 Fasterxml, Redhat 2 Jackson-databind, Enterprise Linux 2019-07-22 7.5
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVE-2019-10164 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2019-07-21 9.0
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This...
CVE-2018-8778 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack...
CVE-2018-8777 4 Ruby-lang, Debian, Canonical and 1 more 4 Ruby, Debian Linux, Ubuntu Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a...
CVE-2018-6914 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or...
CVE-2018-16396 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2019-10193 4 Redhat, Redislabs, Canonical and 1 more 5 Openstack, Redis, Ubuntu Linux and 2 more 2019-07-19 6.5
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to...
CVE-2019-10192 4 Redhat, Redislabs, Canonical and 1 more 5 Openstack, Redis, Ubuntu Linux and 2 more 2019-07-19 6.5
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick...
CVE-2018-18311 7 Perl, Canonical, Debian and 4 more 17 Perl, Ubuntu Linux, Debian Linux and 14 more 2019-07-16 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2019-10183 1 Redhat 2 Virt-manager, Enterprise Linux 2019-07-12 2.1
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on...
CVE-2019-11479 5 F5, Pulsesecure, Redhat and 2 more 24 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 21 more 2019-06-20 5.0
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a...
CVE-2019-11478 5 F5, Pulsesecure, Redhat and 2 more 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more 2019-06-20 5.0
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a...
CVE-2019-11477 5 F5, Pulsesecure, Redhat and 2 more 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more 2019-06-20 7.8
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service....
CVE-2012-6711 2 Gnu, Redhat 2 Bash, Enterprise Linux 2019-06-20 4.6
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data...
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2018-16838 2 Fedoraproject, Redhat 3 Sssd, Enterprise Linux, Virtualization 2019-06-18 5.5
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2019-9213 5 Linux, Debian, Canonical and 2 more 5 Linux Kernel, Debian Linux, Ubuntu Linux and 2 more 2019-06-17 4.9
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability...
CVE-2019-10160 2 Python, Redhat 2 Python, Enterprise Linux 2019-06-17 5.0
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit...
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2013-1813 3 Redhat, Busybox, T-mobile 3 Busybox, Tm-ac1900, Enterprise Linux 2019-06-13 7.2
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.