Latest redhat enterprise linux server eus Vulnerabilities

CVE-2021-4034
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
redhat/polkit<0:0.96-11.el6_10.2
redhat/polkit<0:0.112-26.el7_9.1
redhat/polkit<0:0.112-12.el7_3.1
redhat/polkit<0:0.112-12.el7_4.2
redhat/polkit<0:0.112-18.el7_6.3
redhat/polkit<0:0.112-22.el7_7.2
and 62 more
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
Linux Linux kernel=5.15-rc2
and 157 more
CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash th...
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
Linux Linux kernel<5.12
Fedoraproject Fedora=34
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 157 more
CVE-2021-20233
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 c...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2021-20225
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific s...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2020-27779
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity ...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2020-27749
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2020-25647
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If pro...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2020-25632
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leadi...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
CVE-2020-14372
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craf...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 16 more
CVE-2012-4512
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "typ...
KDE KDE=4.7.3
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server Eus=6.3
Redhat Enterprise Linux Workstation=6.0
CVE-2014-7844
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=6.6
Redhat Enterprise Linux Server Aus=7.3
and 18 more
CVE-2019-5544
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware Horizon DaaS>=8.0.0<9.0.0.0
VMware ESXi=6.0
VMware ESXi=6.0-1
VMware ESXi=6.0-1a
VMware ESXi=6.0-1b
VMware ESXi=6.0-2
and 245 more
CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by crea...
Artifex Ghostscript<9.50
Redhat 3scale Api Management=2.6
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
and 5 more
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A ...
Artifex Ghostscript>=9.00<=9.50
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
and 14 more
CVE-2019-10171
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption...
Fedoraproject 389 Directory Server>=1.4.0.0<1.4.0.17
Redhat Enterprise Linux Server Eus=7.5
CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application a...
Icedtea-web Project Icedtea-web<=1.7.2
Icedtea-web Project Icedtea-web=1.8.2
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Eus=7.6
and 1 more
CVE-2019-0155
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gol...
redhat/kernel<0:2.6.32-754.24.3.el6
redhat/kernel-rt<0:3.10.0-1062.4.3.rt56.1029.el7
redhat/kernel<0:3.10.0-1062.4.3.el7
redhat/kernel<0:3.10.0-327.82.2.el7
redhat/kernel<0:3.10.0-514.70.3.el7
redhat/kernel<0:3.10.0-693.60.3.el7
and 1512 more
CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique...
redhat/kernel<0:2.6.32-754.18.2.el6
redhat/kernel<0:2.6.32-431.96.1.el6
redhat/kernel<0:2.6.32-504.80.2.el6
redhat/kernel-rt<0:3.10.0-1062.1.1.rt56.1024.el7
redhat/kernel<0:3.10.0-1062.1.1.el7
redhat/kernel<0:3.10.0-327.82.1.el7
and 100 more
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since...
redhat/libvirt<0:4.5.0-10.el7_6.12
redhat/redhat-release-virtualization-host<0:4.3.4-1.el7e
redhat/redhat-virtualization-host<0:4.3.4-20190620.3.el7_6
Redhat Libvirt>=4.0.0<4.10.1
Redhat Libvirt>=5.0.0<5.4.1
Redhat Enterprise Linux=7.0
and 19 more
CVE-2019-10168
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emul...
redhat/libvirt<0:4.5.0-10.el7_6.12
redhat/redhat-release-virtualization-host<0:4.3.4-1.el7e
redhat/redhat-virtualization-host<0:4.3.4-20190620.3.el7_6
Redhat Libvirt>=4.0.0<4.10.1
Redhat Libvirt>=5.0.0<5.4.1
Redhat Enterprise Linux=7.0
and 16 more
CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify ma...
redhat/libvirt<0:4.5.0-10.el7_6.12
redhat/redhat-release-virtualization-host<0:4.3.4-1.el7e
redhat/redhat-virtualization-host<0:4.3.4-20190620.3.el7_6
Redhat Libvirt>=4.0.0<4.10.1
Redhat Libvirt>=5.0.0<5.4.1
Redhat Enterprise Linux=7.0
and 17 more
CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering...
redhat/python<0:2.7.5-86.el7
redhat/python<0:2.7.5-63.el7_4
redhat/python<0:2.7.5-74.el7_5
redhat/python<0:2.7.5-83.el7_6
redhat/python3<0:3.6.8-15.1.el8
redhat/python27-python<0:2.7.16-6.el6
and 43 more
CVE-2019-3878
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require vali...
redhat/mod_auth_mellon<0.14.2
Mod Auth Mellon Project Mod Auth Mellon<0.14.2
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux Desktop=7.0
and 7 more
CVE-2019-3863
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as ...
Libssh2 Libssh2<1.8.1
Debian Debian Linux=8.0
NetApp ONTAP Select Deploy administration utility
openSUSE Leap=15.0
openSUSE Leap=42.3
Redhat Enterprise Linux Desktop=7.0
and 6 more
CVE-2019-3857
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker ...
Libssh2 Libssh2>=1.2.8<=1.8.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
NetApp ONTAP Select Deploy administration utility
openSUSE Leap=15.0
openSUSE Leap=42.3
and 11 more
CVE-2019-3856
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH ser...
redhat/libssh2<1.8.1
debian/libssh2
Libssh2 Libssh2<1.8.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
NetApp ONTAP Select Deploy administration utility
and 12 more
CVE-2019-3855
IDE SCM. Multiple issues were addressed by updating to version 2.16.
redhat/libssh2<1.8.1
debian/libssh2<=1.8.0-2<=1.4.3-4.1+deb8u1<=1.4.3-1<=1.7.0-1
Apple Xcode<11.0
debian/libssh2
Libssh2 Libssh2<1.8.1
Fedoraproject Fedora=28
and 16 more
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (cre...
redhat/python<0:2.6.6-68.el6_10
redhat/python<0:2.7.5-77.el7_6
redhat/python<0:2.7.5-59.el7_4
redhat/python<0:2.7.5-70.el7_5
redhat/python3<0:3.6.8-2.el8_0
redhat/rh-python36-python<0:3.6.3-4.el6
and 64 more
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have acc...
debian/ghostscript<=9.26a~dfsg-2<=9.26a~dfsg-0+deb9u1
Artifex Ghostscript<9.27
Redhat Ansible Tower=3.3
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.6
and 12 more
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, ...
debian/ghostscript
debian/ghostscript<=9.26a~dfsg-0+deb9u1<=9.26a~dfsg-2
Artifex Ghostscript<9.27
Redhat Ansible Tower=3.3
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
and 14 more
CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
debian/flatpak<=0.8.9-0+deb9u1<=1.2.2-1<=0.8.5-2+deb9u1<=1.2.0-1~bpo9+1<=0.8.9-0+deb9u1~bpo8+1
Flatpak Flatpak<1.0.7
Flatpak Flatpak>=1.1.0<=1.1.3
Flatpak Flatpak>=1.2.0<=1.2.3
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 8 more
CVE-2019-6974
A use after free issue was found in the way Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), device holds a reference to a VM obj...
Linux Linux kernel>=3.10<3.16.64
Linux Linux kernel>=3.17<3.18.136
Linux Linux kernel>=3.19<4.4.176
Linux Linux kernel>=4.5<4.9.156
Linux Linux kernel>=4.10<4.14.99
Linux Linux kernel>=4.15<4.19.21
and 118 more
CVE-2019-7221
A use after free issue was found in the way Linux kernel's KVM hypervisor emulates a preemption timer for L2 guest when nested(=1) virtualization is enabled. This high resolution timer(hrtimer) runs w...
Linux Linux kernel<=4.20.5
openSUSE Leap=15.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Debian Debian Linux=8.0
Canonical Ubuntu Linux=14.04
and 76 more
CVE-2018-18501
Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 6...
Mozilla Thunderbird<60.5
Mozilla Firefox ESR<60.5
Mozilla Firefox<65
Mozilla Firefox<65.0
Mozilla Firefox ESR<60.5
Mozilla Thunderbird<60.5
and 49 more
CVE-2018-18505
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This a...
Mozilla Thunderbird<60.5
Mozilla Firefox ESR<60.5
Mozilla Firefox<65
Mozilla Firefox<65.0
Mozilla Firefox ESR<60.5.0
Mozilla Thunderbird<60.5.0
and 50 more
CVE-2018-18500
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a poten...
Mozilla Thunderbird<60.5
Mozilla Firefox ESR<60.5
Mozilla Firefox<65
Mozilla Firefox<65.0
Mozilla Firefox ESR<60.5
Mozilla Thunderbird<60.5
and 50 more
CVE-2018-18506
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to b...
Mozilla Firefox ESR<60.6
Mozilla Thunderbird<60.6
Mozilla Firefox<65
Mozilla Firefox<65.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 61 more
CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D...
Systemd Project Systemd=239
openSUSE Leap=15.0
Netapp Active Iq Performance Analytics Services
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Fedoraproject Fedora=29
and 53 more
CVE-2019-3815
A memory leak was discovered in the backport of fixes for <a href="https://access.redhat.com/security/cve/CVE-2018-16864">CVE-2018-16864</a> in Red Hat Enterprise Linux (since version v219-62.2) and C...
Redhat Openshift Container Platform=3.11
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Eus=7.6
Redhat Enterprise Linux Workstation=7.0
and 1 more
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
debian/ghostscript
redhat/ghostscript<9.27
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.16.04.4
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.4
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.10.4
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.14.04.4
and 18 more
CVE-2019-2422
A memory disclosure flaw was found in the FileChannelImpl class in the Libraries component of OpenJDK. An untrusted Java application or applet could use this flaw leak limited amount of Java Virtual ...
ubuntu/openjdk-7<7
ubuntu/openjdk-8<8
ubuntu/openjdk-8<8
ubuntu/openjdk-8<8
ubuntu/openjdk-8<8
ubuntu/openjdk-lts<11.0.2+9-3ubuntu1~18.04.3
and 44 more
CVE-2019-3813
An off-by-one error was found in spice when accessing arrays. A malicious guest user can use this for a host denial of service.
debian/spice
redhat/spice<0.14.2
debian/spice<=0.14.0-1.2<=0.12.8-2.1<=0.12.8-2.1+deb9u2
Spice Project Spice>=0.5.2<=0.14.1
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
and 13 more
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lac...
ubuntu/linux<4.15.0-46.49
ubuntu/linux<4.18.0-16.17
ubuntu/linux<3.13.0-166.216
ubuntu/linux<5.0~
ubuntu/linux<4.4.0-143.169
ubuntu/linux-aws<4.15.0-1033.35
and 83 more
CVE-2018-15127
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execut...
<0.9.12
=14.04
=16.04
=18.04
=18.10
=7.0
and 29 more
CVE-2018-18492
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. Th...
Mozilla Thunderbird<60.4
Mozilla Firefox ESR<60.4
Mozilla Firefox<64
Mozilla Firefox<64.0
Mozilla Firefox ESR<60.4.0
Mozilla Thunderbird<60.4.0
and 28 more
CVE-2018-18493
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a...
Mozilla Thunderbird<60.4
Mozilla Firefox ESR<60.4
Mozilla Firefox<64
Mozilla Firefox<64.0
Mozilla Firefox ESR<60.4.0
Mozilla Thunderbird<60.4.0
and 28 more
CVE-2018-12405
Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs pr...
Mozilla Thunderbird<60.4
Mozilla Firefox ESR<60.4
Mozilla Firefox<64
Mozilla Firefox<64.0
Mozilla Firefox ESR<60.4.0
Mozilla Thunderbird<60.4.0
and 50 more
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is...
Mozilla Thunderbird<60.4
Mozilla Firefox ESR<60.4
Mozilla Firefox<64
Mozilla Firefox<64.0
Mozilla Firefox ESR<60.4.0
Mozilla Thunderbird<60.4.0
and 28 more
CVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bou...
Mozilla Thunderbird<60.4
Mozilla Firefox ESR<60.4
Mozilla Firefox<64
Mozilla Firefox<64.0
Mozilla Firefox ESR<60.4
Mozilla Thunderbird<60.4
and 28 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203