Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

17 matches found

CVE•added 2019/09/20 7:15 p.m.•756 views

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9.1AI score0.00208EPSS

CVE•added 2019/09/20 7:15 p.m.•718 views

CVE-2019-14814

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9AI score0.00254EPSS

CVE•added 2019/09/19 6:15 p.m.•576 views

CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->...

8.8CVSS9AI score0.00053EPSS

CVE•added 2019/09/17 4:15 p.m.•564 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migratio...

7.8CVSS8.3AI score0.00052EPSS

CVE•added 2019/09/13 1:15 p.m.•374 views

CVE-2019-15030

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then acces...

4.4CVSS5.8AI score0.00081EPSS

CVE•added 2019/09/13 1:15 p.m.•321 views

CVE-2019-15031

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers...

4.4CVSS5.8AI score0.00083EPSS

CVE•added 2019/09/11 4:15 p.m.•308 views

CVE-2019-16231

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6AI score0.00036EPSS

CVE•added 2019/09/25 6:15 p.m.•297 views

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

7.5CVSS7.5AI score0.00167EPSS

CVE•added 2019/09/11 4:15 p.m.•286 views

CVE-2019-16233

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6.2AI score0.00096EPSS

CVE•added 2019/09/06 7:15 p.m.•273 views

CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice insta...

7.8CVSS8.6AI score0.00434EPSS

CVE•added 2019/09/06 2:15 p.m.•265 views

CVE-2019-14813

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file ...

9.8CVSS9.5AI score0.08454EPSS

CVE•added 2019/09/30 1:15 p.m.•263 views

CVE-2019-16994

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

4.7CVSS6AI score0.00076EPSS

CVE•added 2019/09/04 12:15 p.m.•251 views

CVE-2019-15718

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus meth...

4.4CVSS4.7AI score0.00105EPSS

CVE•added 2019/09/21 9:15 p.m.•248 views

CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

4.3CVSS4.3AI score0.01561EPSS

CVE•added 2019/09/30 7:15 p.m.•245 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

7.5CVSS7.5AI score0.09219EPSS

CVE•added 2019/09/11 4:15 p.m.•110 views

CVE-2019-16229

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id

4.7CVSS4.7AI score0.00033EPSS

CVE•added 2019/09/17 4:15 p.m.•79 views

CVE-2019-14826

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

5.6CVSS4.6AI score0.00113EPSS