Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.17%
  • Veröffentlicht 22.02.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:10

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

Exploit
  • EPSS 3.53%
  • Veröffentlicht 20.02.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:41

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

  • EPSS 0.65%
  • Veröffentlicht 18.02.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:50:39

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

Exploit
  • EPSS 16.52%
  • Veröffentlicht 15.02.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:20

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Medienbericht Exploit
  • EPSS 98.57%
  • Veröffentlicht 11.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:24

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...

Exploit
  • EPSS 1.03%
  • Veröffentlicht 09.02.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:29

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

Exploit
  • EPSS 1.37%
  • Veröffentlicht 09.02.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:29

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n...

Exploit
  • EPSS 1.78%
  • Veröffentlicht 06.02.2019 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:18

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

  • EPSS 5.35%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:32

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subjec...

Exploit
  • EPSS 12.77%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:36

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents...