Redhat

Enterprise Linux

1709 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-9636

  • EPSS 5.63%
  • Published 08.03.2019 21:29:00
  • Last modified 21.11.2024 04:52:01

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a ...

5.5

CVE-2019-9213

Exploit
  • EPSS 5.83%
  • Published 05.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:13

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check...

9.8

CVE-2018-20784

  • EPSS 0.73%
  • Published 22.02.2019 15:29:00
  • Last modified 21.11.2024 04:02:10

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

9.8

CVE-2019-7164

Exploit
  • EPSS 1.98%
  • Published 20.02.2019 00:29:00
  • Last modified 21.11.2024 04:47:41

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

7.8

CVE-2019-8912

  • EPSS 0.36%
  • Published 18.02.2019 18:29:00
  • Last modified 21.11.2024 04:50:39

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

8.1

CVE-2019-6974

Exploit
  • EPSS 7.22%
  • Published 15.02.2019 15:29:00
  • Last modified 21.11.2024 04:47:20

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

9.3

CVE-2019-5736

Exploit
  • EPSS 53.41%
  • Published 11.02.2019 19:29:00
  • Last modified 21.11.2024 04:45:24

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...

5.5

CVE-2019-7664

Exploit
  • EPSS 0.37%
  • Published 09.02.2019 16:29:00
  • Last modified 21.11.2024 04:48:29

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5

CVE-2019-7665

Exploit
  • EPSS 0.14%
  • Published 09.02.2019 16:29:00
  • Last modified 21.11.2024 04:48:29

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n...

7.8

CVE-2019-7548

Exploit
  • EPSS 1.11%
  • Published 06.02.2019 21:29:01
  • Last modified 21.11.2024 04:48:18

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.