Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2019-11-04 CVE-2017-5333 Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2019-11-05 CVE-2016-4983 A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Dovecot, Leap, Opensuse, Enterprise_linux N/A
2019-11-04 CVE-2017-5332 The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2019-11-04 CVE-2015-8980 The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. Fedora, Leap, Php\-Gettext, Enterprise_linux N/A
2019-11-01 CVE-2013-4751 php-symfony2-Validator has loss of information during serialization Fedora, Enterprise_linux, Symfony N/A
2019-11-01 CVE-2013-3718 evince is missing a check on number of pages which can lead to a segmentation fault Debian_linux, Evince, Opensuse, Enterprise_linux N/A
2019-09-17 CVE-2019-14826 A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. Freeipa, Enterprise_linux N/A
2018-06-26 CVE-2018-3760 There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Debian_linux, Cloudforms, Enterprise_linux, Sprockets 7.5
2018-09-28 CVE-2018-14648 A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. Debian_linux, 389_directory_server, Enterprise_linux 7.5
2018-10-17 CVE-2018-10933 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Ubuntu_linux, Debian_linux, Libssh, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql_workbench, Enterprise_linux 9.1