| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3896 |
2 Linux, Redhat |
5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more |
2019-06-19 |
7.2 |
| A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). |
| CVE-2017-5645 |
4 Apache, Netapp, Oracle and 1 more |
59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more |
2019-06-19 |
7.5 |
| In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. |
| CVE-2018-1000122 |
5 Haxx, Canonical, Debian and 2 more |
8 Curl, Ubuntu Linux, Debian Linux and 5 more |
2019-06-18 |
6.4 |
| A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
| CVE-2018-1000120 |
5 Haxx, Canonical, Debian and 2 more |
8 Curl, Ubuntu Linux, Debian Linux and 5 more |
2019-06-18 |
7.5 |
| A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
| CVE-2018-1000007 |
4 Haxx, Debian, Canonical and 1 more |
6 Curl, Debian Linux, Ubuntu Linux and 3 more |
2019-06-18 |
5.0 |
| libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to... |
| CVE-2018-7566 |
6 Suse, Linux, Canonical and 3 more |
12 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server and 9 more |
2019-06-17 |
4.6 |
| The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. |
| CVE-2019-7221 |
7 Fedoraproject, Linux, Opensuse and 4 more |
16 Fedora, Linux Kernel, Leap and 13 more |
2019-06-15 |
4.6 |
| The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. |
| CVE-2015-3195 |
6 Openssl, Apple, Oracle and 3 more |
16 Sun Ray Software, Openssl, Transportation Management and 13 more |
2019-06-14 |
5.0 |
| The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers... |
| CVE-2015-3196 |
7 Hp, Openssl, Oracle and 4 more |
13 Icewall Sso, Icewall Sso Agent Option, Vm Virtualbox and 10 more |
2019-06-13 |
4.3 |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of... |
| CVE-2015-2582 |
4 Debian, Oracle, Canonical and 1 more |
10 Debian Linux, Ubuntu Linux, Solaris and 7 more |
2019-06-13 |
4.0 |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. |
| CVE-2019-9636 |
4 Python, Fedoraproject, Redhat and 1 more |
10 Python, Fedora, Enterprise Linux Desktop and 7 more |
2019-06-13 |
5.0 |
| Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached... |
| CVE-2018-11784 |
6 Apache, Netapp, Canonical and 3 more |
15 Tomcat, Snap Creator Framework, Ubuntu Linux and 12 more |
2019-06-11 |
4.3 |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to... |
| CVE-2018-5740 |
5 Isc, Netapp, Canonical and 2 more |
9 Bind, Data Ontap Edge, Ubuntu Linux and 6 more |
2019-06-10 |
5.0 |
| "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this... |
| CVE-2018-16886 |
2 Redhat, Fedoraproject |
4 Enterprise Linux Server, Fedora, Enterprise Linux Desktop and 1 more |
2019-06-04 |
6.8 |
| etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common... |
| CVE-2019-6454 |
7 Freedesktop, Netapp, Canonical and 4 more |
12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more |
2019-06-04 |
4.9 |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can... |
| CVE-2018-18356 |
5 Google, Debian, Redhat and 2 more |
10 Chrome, Debian Linux, Enterprise Linux Desktop and 7 more |
2019-06-03 |
6.8 |
| An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2016-6662 |
5 Mariadb, Percona, Oracle and 2 more |
14 Mariadb, Mysql, Percona Server and 11 more |
2019-06-03 |
10.0 |
| Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow... |
| CVE-2018-16865 |
5 Freedesktop, Canonical, Debian and 2 more |
13 Systemd, Ubuntu Linux, Debian Linux and 10 more |
2019-06-03 |
4.6 |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if... |
| CVE-2015-0192 |
3 Ibm, Redhat, Suse |
8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more |
2019-06-03 |
7.5 |
| Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. |
| CVE-2019-2422 |
6 Oracle, Netapp, Canonical and 3 more |
15 Jdk, Jre, Oncommand Unified Manager and 12 more |
2019-06-03 |
4.3 |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated... |
