CVE-2019-13726
- EPSS 7.4%
- Published 10.12.2019 22:15:12
- Last modified 21.11.2024 04:25:35
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2019-13728
- EPSS 3.15%
- Published 10.12.2019 22:15:12
- Last modified 21.11.2024 04:25:35
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13727
- EPSS 1.28%
- Published 10.12.2019 22:15:12
- Last modified 21.11.2024 04:25:35
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-6470
- EPSS 0.27%
- Published 01.11.2019 23:15:10
- Last modified 11.04.2025 14:55:14
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function...
CVE-2019-11043
- EPSS 94.11%
- Published 28.10.2019 15:15:13
- Last modified 14.02.2025 16:43:36
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p...
CVE-2019-7317
- EPSS 0.99%
- Published 04.02.2019 08:29:00
- Last modified 21.11.2024 04:48:00
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2018-16881
- EPSS 2.77%
- Published 25.01.2019 18:29:00
- Last modified 21.11.2024 03:53:31
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-16866
- EPSS 0.11%
- Published 11.01.2019 19:29:00
- Last modified 21.11.2024 03:53:28
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
CVE-2017-15129
- EPSS 0.07%
- Published 09.01.2018 19:29:00
- Last modified 21.11.2024 03:14:07
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in ne...
CVE-2017-12615
- EPSS 94.36%
- Published 19.09.2017 13:29:00
- Last modified 20.04.2025 01:37:25
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP...