| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-3815 | 2 Redhat, Debian | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2019-10-09 | 2.1 | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=`... |
| CVE-2019-10168 | 1 Redhat | 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 4.6 | The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt... |
| CVE-2019-10167 | 1 Redhat | 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 4.6 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to... |
| CVE-2019-10166 | 1 Redhat | 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 4.6 | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had... |
| CVE-2019-10153 | 2 Clusterlabs, Redhat | 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more | 2019-10-09 | 4.0 | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing... |
| CVE-2018-5733 | 4 Isc, Canonical, Debian and 1 more | 8 Dhcp, Ubuntu Linux, Debian Linux and 5 more | 2019-10-09 | 5.0 | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0... |
| CVE-2018-5379 | 4 Quagga, Debian, Canonical and 1 more | 8 Quagga, Debian Linux, Ubuntu Linux and 5 more | 2019-10-09 | 7.5 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially... |
| CVE-2018-3760 | 3 Sprockets Project, Debian, Redhat | 6 Sprockets, Debian Linux, Enterprise Linux and 3 more | 2019-10-09 | 5.0 | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem that is outside an... |
| CVE-2018-1656 | 3 Ibm, Redhat, Oracle | 7 Java Sdk, Sdk, Satellite and 4 more | 2019-10-09 | 4.3 | The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. |
| CVE-2018-1517 | 2 Ibm, Redhat | 6 Sdk, Software Development Kit, Satellite and 3 more | 2019-10-09 | 5.0 | A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. |
| CVE-2018-1139 | 3 Samba, Canonical, Redhat | 5 Samba, Ubuntu Linux, Enterprise Linux Desktop and 2 more | 2019-10-09 | 4.3 | A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed... |
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.9 | Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. |
| CVE-2018-1128 | 4 Ceph, Redhat, Debian and 1 more | 11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more | 2019-10-09 | 5.4 | It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker having access to the ceph cluster network who is able to sniff packets on the network can use this vulnerability to... |
| CVE-2018-1120 | 4 Redhat, Debian, Linux and 1 more | 9 Enterprise Mrg, Debian Linux, Linux Kernel and 6 more | 2019-10-09 | 3.5 | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as... |
| CVE-2018-1118 | 4 Linux, Redhat, Canonical and 1 more | 7 Linux Kernel, Virtualization Host, Ubuntu Linux and 4 more | 2019-10-09 | 2.1 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some... |
| CVE-2018-1113 | 1 Redhat | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2019-10-09 | 4.6 | setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell... |
| CVE-2018-1106 | 4 Packagekit Project, Canonical, Debian and 1 more | 9 Packagekit, Ubuntu Linux, Debian Linux and 6 more | 2019-10-09 | 2.1 | An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further... |
| CVE-2018-1100 | 3 Zsh, Canonical, Redhat | 5 Zsh, Ubuntu Linux, Enterprise Linux Desktop and 2 more | 2019-10-09 | 7.2 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. |
| CVE-2018-1089 | 3 Fedoraproject, Redhat, Debian | 5 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-10-09 | 5.0 | 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make... |
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2019-10-09 | 4.6 | kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov... |