Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

669 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12384 3 Fasterxml, Debian, Redhat 3 Jackson-databind, Debian Linux, Enterprise Linux 2019-08-22 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may...
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-08-15 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2017-15715 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 6.8
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of...
CVE-2017-15710 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2019-08-15 5.0
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials....
CVE-2015-8553 2 Xen, Redhat 2 Enterprise Linux, Xen 2019-08-13 2.1
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
CVE-2019-10168 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt...
CVE-2019-10167 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to...
CVE-2019-10166 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had...
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2019-08-12 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing...
CVE-2014-0081 4 Opensuse Project, Rubyonrails, Redhat and 1 more 6 Enterprise Linux, Ruby On Rails, Opensuse and 3 more 2019-08-08 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or...
CVE-2013-1855 2 Rubyonrails, Redhat 3 Enterprise Linux, Ruby On Rails, Rails 2019-08-08 4.3
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline)...
CVE-2013-1857 2 Rubyonrails, Redhat 3 Enterprise Linux, Ruby On Rails, Rails 2019-08-08 4.3
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon)...
CVE-2013-1854 2 Rubyonrails, Redhat 3 Enterprise Linux, Ruby On Rails, Rails 2019-08-08 5.0
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted...
CVE-2019-10161 1 Redhat 1 Enterprise Linux 2019-08-08 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An...
CVE-2019-3890 2 Gnome, Redhat 2 Evolution-ews, Enterprise Linux 2019-08-08 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the...
CVE-2019-3902 3 Mercurial, Debian, Redhat 3 Mercurial, Debian Linux, Enterprise Linux 2019-08-06 5.8
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
CVE-2019-3811 4 Fedoraproject, Debian, Opensuse and 1 more 5 Sssd, Debian Linux, Fedora and 2 more 2019-08-06 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's...
CVE-2018-19208 3 Sourceforge, Redhat, Suse 3 Libwpd, Enterprise Linux, Suse Linux Enterprise Server 2019-08-06 4.3
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
CVE-2018-18585 5 Kyzer, Canonical, Debian and 2 more 6 Limbspack, Ubuntu Linux, Debian Linux and 3 more 2019-08-06 4.3
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).