Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Tus
Subscriptions
Total
823 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-05 | N/A |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | ||||
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-08-05 | N/A |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | ||||
| CVE-2018-1060 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-05 | 7.5 High |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | ||||
| CVE-2018-0495 | 5 Canonical, Debian, Gnupg and 2 more | 14 Ubuntu Linux, Debian Linux, Libgcrypt and 11 more | 2024-08-05 | N/A |
| Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2019-20934 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more | 2024-08-05 | 5.3 Medium |
| An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | ||||
| CVE-2019-20907 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-08-05 | 7.5 High |
| In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | ||||
| CVE-2019-20636 | 3 Linux, Netapp, Redhat | 24 Linux Kernel, Cloud Backup, Fas 8300 and 21 more | 2024-08-05 | 6.7 Medium |
| In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | ||||
| CVE-2019-19768 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-08-05 | 7.5 High |
| In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | ||||
| CVE-2019-19532 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2024-08-05 | 6.8 Medium |
| In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. | ||||
| CVE-2019-19450 | 3 Debian, Redhat, Reportlab | 7 Debian Linux, Enterprise Linux, Rhel Aus and 4 more | 2024-08-05 | 9.8 Critical |
| paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | ||||
| CVE-2019-19447 | 3 Linux, Netapp, Redhat | 13 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 10 more | 2024-08-05 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | ||||
| CVE-2019-17666 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-08-05 | 8.8 High |
| rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | ||||
| CVE-2019-17133 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-08-05 | 9.8 Critical |
| In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | ||||
| CVE-2019-17006 | 4 Mozilla, Netapp, Redhat and 1 more | 27 Network Security Services, Hci Compute Node, Hci Management Node and 24 more | 2024-08-05 | 9.8 Critical |
| In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | ||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 49 Ubuntu Linux, Debian Linux, Fedora and 46 more | 2024-08-05 | 7.8 High |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | ||||
| CVE-2019-14895 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-05 | 9.8 Critical |
| A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14868 | 4 Apple, Debian, Ksh Project and 1 more | 8 Mac Os X, Debian Linux, Ksh and 5 more | 2024-08-05 | 7.4 High |
| In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. | ||||
| CVE-2019-14816 | 7 Canonical, Debian, Fedoraproject and 4 more | 60 Ubuntu Linux, Debian Linux, Fedora and 57 more | 2024-08-05 | 7.8 High |
| There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14287 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-05 | 8.8 High |
| In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | ||||
| CVE-2019-13638 | 3 Debian, Gnu, Redhat | 7 Debian Linux, Patch, Enterprise Linux and 4 more | 2024-08-04 | N/A |
| GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | ||||