Enterprise_linux_server
(Redhat)| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2019-11-25 | CVE-2019-13723 | Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Fedora, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-04-08 | CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Oncommand_unified_manager, Leap, Enterprise_manager_ops_center, Http_server, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-11-15 | CVE-2019-14869 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. | Ghostscript, Fedora, Leap, 3scale_api_management, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | |
| 2019-11-20 | CVE-2012-6136 | tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | Debian_linux, Fedora, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Tuned | N/A | |
| 2019-09-06 | CVE-2019-14813 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | |
| 2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party... | Bind, Dhcpd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-02-04 | CVE-2019-1000020 | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-02-04 | CVE-2019-1000019 | libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.6 | |
| 2018-08-28 | CVE-2018-15911 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 |