Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux For Power Little Endian
Subscriptions
Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16866 | 5 Canonical, Debian, Netapp and 2 more | 26 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 23 more | 2024-08-05 | 3.3 Low |
| An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. | ||||
| CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-08-05 | 7.5 High |
| cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | ||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 15 Fedora, Enterprise Linux, Enterprise Linux Eus and 12 more | 2024-08-05 | 4.4 Medium |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | ||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2024-08-04 | 8.8 High |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | ||||
| CVE-2019-8383 | 4 Advancemame, Debian, Fedoraproject and 1 more | 7 Advancecomp, Debian Linux, Fedora and 4 more | 2024-08-04 | 7.8 High |
| An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||
| CVE-2019-8379 | 4 Advancemame, Debian, Fedoraproject and 1 more | 7 Advancecomp, Debian Linux, Fedora and 4 more | 2024-08-04 | 7.8 High |
| An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||
| CVE-2019-6454 | 8 Canonical, Debian, Fedoraproject and 5 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | ||||
| CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 17 Fedora, Openslp, Enterprise Linux and 14 more | 2024-08-04 | 9.8 Critical |
| OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | ||||
| CVE-2019-0211 | 8 Apache, Canonical, Debian and 5 more | 28 Http Server, Ubuntu Linux, Debian Linux and 25 more | 2024-08-04 | 7.8 High |
| In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | ||||
| CVE-2020-27842 | 5 Debian, Fedoraproject, Oracle and 2 more | 11 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 8 more | 2024-08-04 | 5.5 Medium |
| There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | ||||
| CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-08-04 | 7.2 High |
| A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | ||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-08-04 | 8.1 High |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | ||||
| CVE-2020-14301 | 2 Netapp, Redhat | 14 Ontap Select Deploy Administration Utility, Advanced Virtualization, Codeready Linux Builder and 11 more | 2024-08-04 | 6.5 Medium |
| An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | ||||
| CVE-2020-9490 | 7 Apache, Canonical, Debian and 4 more | 28 Http Server, Ubuntu Linux, Debian Linux and 25 more | 2024-08-04 | 7.5 High |
| Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | ||||
| CVE-2020-8945 | 3 Fedoraproject, Gpgme Project, Redhat | 12 Fedora, Gpgme, Enterprise Linux and 9 more | 2024-08-04 | 7.5 High |
| The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | ||||
| CVE-2021-31566 | 5 Debian, Fedoraproject, Libarchive and 2 more | 14 Debian Linux, Fedora, Libarchive and 11 more | 2024-08-03 | 7.8 High |
| An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | ||||
| CVE-2021-23177 | 4 Debian, Fedoraproject, Libarchive and 1 more | 13 Debian Linux, Fedora, Libarchive and 10 more | 2024-08-03 | 7.8 High |
| An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | ||||
| CVE-2021-23214 | 3 Fedoraproject, Postgresql, Redhat | 7 Fedora, Postgresql, Enterprise Linux and 4 more | 2024-08-03 | 8.1 High |
| When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | ||||
| CVE-2021-20257 | 4 Debian, Fedoraproject, Qemu and 1 more | 9 Debian Linux, Fedora, Qemu and 6 more | 2024-08-03 | 6.5 Medium |
| An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-4091 | 2 Port389, Redhat | 11 389-ds-base, Directory Server, Enterprise Linux and 8 more | 2024-08-03 | 7.5 High |
| A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. | ||||