Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Server Eus Subscribe

Filter

505 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3815 2 Redhat, Debian 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more 2019-10-09 2.1
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=`...
CVE-2019-10171 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux Server Eus 2019-10-09 7.8
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
CVE-2019-10168 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt...
CVE-2019-10167 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to...
CVE-2019-10166 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had...
CVE-2018-5733 4 Isc, Canonical, Debian and 1 more 8 Dhcp, Ubuntu Linux, Debian Linux and 5 more 2019-10-09 5.0
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0...
CVE-2018-5379 4 Quagga, Debian, Canonical and 1 more 8 Quagga, Debian Linux, Ubuntu Linux and 5 more 2019-10-09 7.5
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially...
CVE-2018-1106 4 Packagekit Project, Canonical, Debian and 1 more 9 Packagekit, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 2.1
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further...
CVE-2018-1087 4 Canonical, Debian, Linux and 1 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2019-10-09 4.6
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov...
CVE-2018-1086 3 Clusterlabs, Debian, Redhat 4 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux and 1 more 2019-10-09 5.0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote...
CVE-2018-1049 4 Freedesktop, Redhat, Canonical and 1 more 11 Systemd, Enterprise Linux, Enterprise Linux Desktop and 8 more 2019-10-09 4.3
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount...
CVE-2018-16863 2 Artifex, Redhat 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted...
CVE-2018-15688 4 Freedesktop, Canonical, Debian and 1 more 9 Systemd, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
CVE-2018-14650 2 Sos-collector Project, Redhat 6 Sos-collector, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 1.9
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run...
CVE-2018-14646 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 4.9
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is...
CVE-2018-14638 2 Fedoraproject, Redhat 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more 2019-10-09 5.0
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-14622 4 Canonical, Debian, Redhat and 1 more 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2019-10-09 5.0
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available...
CVE-2018-10873 4 Spice Project, Redhat, Canonical and 1 more 11 Spice, Virtualization, Virtualization Host and 8 more 2019-10-09 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to...
CVE-2017-7518 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2019-10-09 4.6
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A...
CVE-2017-3145 4 Isc, Netapp, Debian and 1 more 9 Bind, Data Ontap Edge, Debian Linux and 6 more 2019-10-09 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0...