Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 9.22%
  • Veröffentlicht 21.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system wh...

Exploit
  • EPSS 2.25%
  • Veröffentlicht 21.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:32

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

Exploit
  • EPSS 0.68%
  • Veröffentlicht 21.03.2019 16:01:11
  • Zuletzt bearbeitet 21.11.2024 04:47:47

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Exploit
  • EPSS 0.81%
  • Veröffentlicht 21.03.2019 16:01:10
  • Zuletzt bearbeitet 21.11.2024 04:47:46

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Exploit
  • EPSS 2.04%
  • Veröffentlicht 21.03.2019 16:01:08
  • Zuletzt bearbeitet 21.11.2024 04:46:28

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl...

  • EPSS 4.46%
  • Veröffentlicht 21.03.2019 16:00:36
  • Zuletzt bearbeitet 21.11.2024 04:01:51

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s...

  • EPSS 14.74%
  • Veröffentlicht 14.03.2019 22:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:36

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp...

Exploit
  • EPSS 2.35%
  • Veröffentlicht 13.03.2019 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:12

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

  • EPSS 8.81%
  • Veröffentlicht 08.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:01

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a ...

Exploit
  • EPSS 5.67%
  • Veröffentlicht 05.03.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:51:13

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check...