Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-30 | CVE-2019-10161 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | Ubuntu_linux, Enterprise_linux, Libvirt, Virtualization, Virtualization_host | 7.8 | ||
| 2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux | 7.5 | ||
| 2019-08-29 | CVE-2019-15807 | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | Debian_linux, Linux_kernel, Enterprise_linux | 4.7 | ||
| 2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_8_s390x, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Openshift_container_platform, Systemd | 4.4 | ||
| 2019-09-06 | CVE-2019-14813 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2019-09-06 | CVE-2019-9854 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding... | Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap, Enterprise_linux | 7.8 | ||
| 2019-09-25 | CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Ubuntu_linux, Docker, Fedora, Runc, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openshift_container_platform | 7.5 | ||
| 2019-09-30 | CVE-2019-16276 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | Debian_linux, Fedora, Go, Cloud_insights_telegraf_agent, Leap, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Openshift_container_platform | 7.5 | ||
| 2019-10-03 | CVE-2018-14461 | The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). | Mac_os_x, Debian_linux, Fedora, Leap, Enterprise_linux, Tcpdump | 7.5 | ||
| 2019-10-03 | CVE-2018-14462 | The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). | Mac_os_x, Debian_linux, Traffix_signaling_delivery_controller, Fedora, Leap, Enterprise_linux, Tcpdump | 7.5 |