Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

649 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-2183 5 Python, Openssl, Cisco and 2 more 8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more 2019-05-20 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-05-17 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2019-3900 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2019-05-17 6.8
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A...
CVE-2019-3880 5 Redhat, Samba, Debian and 2 more 6 Gluster Storage, Samba, Debian Linux and 3 more 2019-05-15 5.5
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to...
CVE-2018-10850 3 Fedoraproject, Debian, Redhat 9 389 Directory Server, Debian Linux, Enterprise Linux and 6 more 2019-05-15 7.1
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
CVE-2017-15134 2 Redhat, Fedoraproject 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-05-15 5.0
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make...
CVE-2018-3665 7 Arm, Intel, Canonical and 4 more 15 Cortex-a, Core I3, Core I5 and 12 more 2019-05-14 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-16884 4 Redhat, Linux, Debian and 1 more 5 Enterprise Mrg, Linux Kernel, Enterprise Linux and 2 more 2019-05-14 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious...
CVE-2019-0217 6 Apache, Canonical, Debian and 3 more 6 Http Server, Ubuntu Linux, Debian Linux and 3 more 2019-05-14 6.0
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVE-2019-11235 5 Freeradius, Fedoraproject, Redhat and 2 more 10 Freeradius, Fedora, Enterprise Linux and 7 more 2019-05-13 7.5
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a...
CVE-2019-11234 4 Freeradius, Fedoraproject, Redhat and 1 more 4 Freeradius, Fedora, Enterprise Linux and 1 more 2019-05-13 7.5
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-9213 5 Linux, Debian, Canonical and 2 more 5 Linux Kernel, Debian Linux, Ubuntu Linux and 2 more 2019-05-13 4.9
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability...
CVE-2019-5736 10 Docker, Google, Linuxcontainers and 7 more 12 Docker, Kubernetes Engine, Lxc and 9 more 2019-05-13 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2018-1129 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-05-13 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol....
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-05-13 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2018-1128 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-05-13 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to...
CVE-2018-1000026 4 Linux, Canonical, Debian and 1 more 8 Linux Kernel, Ubuntu Linux, Debian Linux and 5 more 2019-05-10 6.8
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack...
CVE-2016-8612 3 Apache, Redhat, Netapp 3 Http Server, Enterprise Linux, Storage Automation Store 2019-05-10 3.3
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2018-3693 6 Arm, Intel, Netapp and 3 more 37 Cortex-a, Cortex-r, Atom C and 34 more 2019-05-10 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2018-16888 3 Freedesktop, Netapp, Redhat 4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more 2019-05-10 1.9
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to...