Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

112 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14826 2 Freeipa, Redhat 2 Freeipa, Enterprise Linux 2019-10-09 2.1
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
CVE-2019-10183 1 Redhat 2 Virt-manager, Enterprise Linux 2019-10-09 2.1
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on...
CVE-2018-1120 4 Redhat, Debian, Linux and 1 more 9 Enterprise Mrg, Debian Linux, Linux Kernel and 6 more 2019-10-09 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as...
CVE-2017-2625 2 Redhat, X.org 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 2.1
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key,...
CVE-2017-15104 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2019-10-09 2.1
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
CVE-2016-8612 3 Apache, Redhat, Netapp 3 Http Server, Enterprise Linux, Storage Automation Store 2019-10-09 3.3
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2016-7056 4 Openssl, Canonical, Debian and 1 more 4 Openssl, Ubuntu Linux, Debian Linux and 1 more 2019-10-09 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2018-16888 3 Freedesktop, Netapp, Redhat 4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more 2019-10-03 1.9
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to...
CVE-2018-20685 7 Openbsd, Netapp, Winscp and 4 more 11 Openssh, Cloud Backup, Element Software and 8 more 2019-10-03 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-1129 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-08-29 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol....
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2015-8553 2 Xen, Redhat 2 Enterprise Linux, Xen 2019-08-13 2.1
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
CVE-2019-3811 4 Fedoraproject, Debian, Opensuse and 1 more 5 Sssd, Debian Linux, Fedora and 2 more 2019-08-06 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's...
CVE-2018-0495 5 Gnupg, Canonical, Debian and 2 more 9 Libgcrypt, Ubuntu Linux, Debian Linux and 6 more 2019-05-30 1.9
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c,...
CVE-2019-3459 4 Redhat, Canonical, Linux and 1 more 5 Enterprise Mrg, Ubuntu Linux, Linux Kernel and 2 more 2019-05-28 3.3
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-10131 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2019-05-22 3.6
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
CVE-2011-2693 1 Redhat 1 Enterprise Linux 2019-04-22 1.9
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.
CVE-2013-0200 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2019-04-22 1.9
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or...
CVE-2013-2164 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2019-04-22 2.1
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
CVE-2012-6546 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-04-22 1.9
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.