Filtered by vendor Redhat
Subscribe
Total
5667 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 5.0 MEDIUM | 1.6 LOW |
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |||||
| CVE-2019-15031 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | |||||
| CVE-2019-15030 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. | |||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | |||||
| CVE-2019-14909 | 1 Redhat | 1 Keycloak | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | |||||
| CVE-2019-14906 | 2 Libsdl, Redhat | 2 Simple Directmedia Layer, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. | |||||
| CVE-2019-14905 | 3 Fedoraproject, Opensuse, Redhat | 8 Fedora, Backports Sle, Leap and 5 more | 2024-11-21 | 4.6 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. | |||||
| CVE-2019-14904 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 6.1 MEDIUM | 7.3 HIGH |
| A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. | |||||
| CVE-2019-14900 | 3 Hibernate, Quarkus, Redhat | 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. | |||||
| CVE-2019-14898 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. | |||||
| CVE-2019-14896 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. | |||||
| CVE-2019-14894 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 9.0 HIGH | 8.0 HIGH |
| A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. | |||||
| CVE-2019-14892 | 3 Apache, Fasterxml, Redhat | 8 Geode, Jackson-databind, Decision Manager and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | |||||
| CVE-2019-14891 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Cri-o, Openshift Container Platform | 2024-11-21 | 6.0 MEDIUM | 5.0 MEDIUM |
| A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. | |||||
| CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
| A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | |||||
| CVE-2019-14888 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | |||||
| CVE-2019-14887 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2019-14885 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | |||||
| CVE-2019-14866 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | |||||