Redhat

Enterprise Linux Server Tus

766 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-17016

  • EPSS 3.47%
  • Veröffentlicht 08.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:32

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability af...

8.8

CVE-2019-17017

  • EPSS 2.63%
  • Veröffentlicht 08.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:33

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Fire...

6.1

CVE-2019-17022

  • EPSS 4.63%
  • Veröffentlicht 08.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:33

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direc...

8.8

CVE-2019-17024

Exploit
  • EPSS 3.28%
  • Veröffentlicht 08.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:34

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T...

7.5

CVE-2019-19906

Exploit
  • EPSS 0.4%
  • Veröffentlicht 19.12.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:37

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c ...

8.1

CVE-2018-1311

  • EPSS 4.17%
  • Veröffentlicht 18.12.2019 20:15:15
  • Zuletzt bearbeitet 04.11.2025 19:15:38

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl...

8.8

CVE-2019-13734

  • EPSS 4.68%
  • Veröffentlicht 10.12.2019 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:25:36

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.8

CVE-2019-5544

Warnung
  • EPSS 92.69%
  • Veröffentlicht 06.12.2019 16:15:11
  • Zuletzt bearbeitet 30.10.2025 19:52:21

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

7.8

CVE-2019-10216

  • EPSS 0.53%
  • Veröffentlicht 27.11.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:18:40

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul...

7.8

CVE-2019-14815

  • EPSS 0.18%
  • Veröffentlicht 25.11.2019 11:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:25

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.