Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Exploit
  • EPSS 52.2%
  • Veröffentlicht 17.07.2019 13:15:10
  • Zuletzt bearbeitet 06.11.2025 16:51:07

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with...

Exploit
  • EPSS 3.3%
  • Veröffentlicht 16.07.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:22

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

  • EPSS 50.45%
  • Veröffentlicht 11.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leadin...

  • EPSS 26.05%
  • Veröffentlicht 11.07.2019 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:37

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis...

  • EPSS 23.7%
  • Veröffentlicht 11.07.2019 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:37

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perfo...

  • EPSS 0.43%
  • Veröffentlicht 05.07.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:41

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

  • EPSS 0.4%
  • Veröffentlicht 03.07.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:18:36

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the s...

  • EPSS 3.71%
  • Veröffentlicht 26.06.2019 16:15:09
  • Zuletzt bearbeitet 21.11.2024 04:18:33

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su...

  • EPSS 0.39%
  • Veröffentlicht 25.06.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:38

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...

  • EPSS 45.21%
  • Veröffentlicht 24.06.2019 16:15:15
  • Zuletzt bearbeitet 21.11.2024 04:22:43

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be ...