Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19530 | 4 Debian, Linux, Opensuse and 1 more | 5 Debian Linux, Linux Kernel, Leap and 2 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | ||||
| CVE-2019-19528 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | ||||
| CVE-2019-19527 | 4 Debian, Linux, Opensuse and 1 more | 6 Debian Linux, Linux Kernel, Leap and 3 more | 2024-11-21 | 6.8 Medium |
| In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | ||||
| CVE-2019-19524 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | ||||
| CVE-2019-19523 | 4 Debian, Linux, Opensuse and 1 more | 5 Debian Linux, Linux Kernel, Leap and 2 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | ||||
| CVE-2019-19499 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | ||||
| CVE-2019-19481 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | ||||
| CVE-2019-19479 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | ||||
| CVE-2019-19450 | 3 Debian, Redhat, Reportlab | 7 Debian Linux, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 9.8 Critical |
| paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | ||||
| CVE-2019-19447 | 3 Linux, Netapp, Redhat | 13 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 10 more | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | ||||
| CVE-2019-19354 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2024-11-21 | 7.8 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
| CVE-2019-19340 | 1 Redhat | 2 Ansible Tower, Enterprise Linux | 2024-11-21 | 8.2 High |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. | ||||
| CVE-2019-19339 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Eus | 2024-11-21 | 6.5 Medium |
| It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. | ||||
| CVE-2019-19338 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. | ||||
| CVE-2019-19334 | 3 Cesnet, Fedoraproject, Redhat | 3 Libyang, Fedora, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. | ||||
| CVE-2019-19333 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. | ||||
| CVE-2019-19332 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 6.1 Medium |
| An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. | ||||
| CVE-2019-19330 | 4 Canonical, Debian, Haproxy and 1 more | 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more | 2024-11-21 | 9.8 Critical |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | ||||
| CVE-2019-19319 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | ||||
| CVE-2019-19246 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.5 High |
| Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||||