Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

678 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3890 2 Gnome, Redhat 2 Evolution-ews, Enterprise Linux 2019-10-09 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the...
CVE-2019-3837 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-10-09 4.9
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on...
CVE-2019-3825 3 Gnome, Canonical, Redhat 3 Gnome Display Manager, Ubuntu Linux, Enterprise Linux 2019-10-09 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain...
CVE-2019-14844 3 Mit, Fedoraproject, Redhat 3 Kerberos, Fedora, Enterprise Linux 2019-10-09 5.0
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
CVE-2019-14826 2 Freeipa, Redhat 2 Freeipa, Enterprise Linux 2019-10-09 2.1
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
CVE-2019-10183 1 Redhat 2 Virt-manager, Enterprise Linux 2019-10-09 2.1
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on...
CVE-2019-10168 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt...
CVE-2019-10167 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to...
CVE-2019-10166 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 4.6
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had...
CVE-2019-10161 1 Redhat 1 Enterprise Linux 2019-10-09 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An...
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2019-10-09 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing...
CVE-2018-3760 3 Sprockets Project, Debian, Redhat 6 Sprockets, Debian Linux, Enterprise Linux and 3 more 2019-10-09 5.0
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an...
CVE-2018-1128 4 Ceph, Redhat, Debian and 1 more 11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more 2019-10-09 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to...
CVE-2018-1120 4 Redhat, Debian, Linux and 1 more 9 Enterprise Mrg, Debian Linux, Linux Kernel and 6 more 2019-10-09 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as...
CVE-2018-1087 4 Canonical, Debian, Linux and 1 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2019-10-09 4.6
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov...
CVE-2018-1086 3 Clusterlabs, Debian, Redhat 4 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux and 1 more 2019-10-09 5.0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote...
CVE-2018-1083 4 Zsh, Canonical, Debian and 1 more 7 Zsh, Ubuntu Linux, Debian Linux and 4 more 2019-10-09 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries...
CVE-2018-1079 2 Clusterlabs, Redhat 2 Pacemaker Command Line Interface, Enterprise Linux 2019-10-09 4.0
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth...
CVE-2018-1049 4 Freedesktop, Redhat, Canonical and 1 more 11 Systemd, Enterprise Linux, Enterprise Linux Desktop and 8 more 2019-10-09 4.3
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount...
CVE-2018-16850 3 Postgresql, Canonical, Redhat 3 Postgresql, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with...