| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3890 |
2 Gnome, Redhat |
2 Evolution-ews, Enterprise Linux |
2019-10-09 |
5.8 |
| It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the... |
| CVE-2019-3837 |
2 Linux, Redhat |
2 Linux Kernel, Enterprise Linux |
2019-10-09 |
4.9 |
| It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on... |
| CVE-2019-3825 |
3 Gnome, Canonical, Redhat |
3 Gnome Display Manager, Ubuntu Linux, Enterprise Linux |
2019-10-09 |
6.9 |
| A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain... |
| CVE-2019-14844 |
3 Mit, Fedoraproject, Redhat |
3 Kerberos, Fedora, Enterprise Linux |
2019-10-09 |
5.0 |
| A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. |
| CVE-2019-14826 |
2 Freeipa, Redhat |
2 Freeipa, Enterprise Linux |
2019-10-09 |
2.1 |
| A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. |
| CVE-2019-10183 |
1 Redhat |
2 Virt-manager, Enterprise Linux |
2019-10-09 |
2.1 |
| Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on... |
| CVE-2019-10168 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-10-09 |
4.6 |
| The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt... |
| CVE-2019-10167 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-10-09 |
4.6 |
| The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to... |
| CVE-2019-10166 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-10-09 |
4.6 |
| It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had... |
| CVE-2019-10161 |
1 Redhat |
1 Enterprise Linux |
2019-10-09 |
7.2 |
| It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An... |
| CVE-2019-10153 |
2 Clusterlabs, Redhat |
4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more |
2019-10-09 |
4.0 |
| A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing... |
| CVE-2018-3760 |
3 Sprockets Project, Debian, Redhat |
6 Sprockets, Debian Linux, Enterprise Linux and 3 more |
2019-10-09 |
5.0 |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an... |
| CVE-2018-1128 |
4 Ceph, Redhat, Debian and 1 more |
11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more |
2019-10-09 |
5.4 |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to... |
| CVE-2018-1120 |
4 Redhat, Debian, Linux and 1 more |
9 Enterprise Mrg, Debian Linux, Linux Kernel and 6 more |
2019-10-09 |
3.5 |
| A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as... |
| CVE-2018-1087 |
4 Canonical, Debian, Linux and 1 more |
11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more |
2019-10-09 |
4.6 |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov... |
| CVE-2018-1086 |
3 Clusterlabs, Debian, Redhat |
4 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux and 1 more |
2019-10-09 |
5.0 |
| pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote... |
| CVE-2018-1083 |
4 Zsh, Canonical, Debian and 1 more |
7 Zsh, Ubuntu Linux, Debian Linux and 4 more |
2019-10-09 |
7.2 |
| Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries... |
| CVE-2018-1079 |
2 Clusterlabs, Redhat |
2 Pacemaker Command Line Interface, Enterprise Linux |
2019-10-09 |
4.0 |
| pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth... |
| CVE-2018-1049 |
4 Freedesktop, Redhat, Canonical and 1 more |
11 Systemd, Enterprise Linux, Enterprise Linux Desktop and 8 more |
2019-10-09 |
4.3 |
| In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount... |
| CVE-2018-16850 |
3 Postgresql, Canonical, Redhat |
3 Postgresql, Ubuntu Linux, Enterprise Linux |
2019-10-09 |
7.5 |
| postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with... |
