Vulnerabilities > Redhat > Enterprise Linux Desktop > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-23 | CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | 7.4 |
2019-04-08 | CVE-2019-0217 | Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | 7.5 |
2019-03-26 | CVE-2019-3878 | Improper Authentication vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. | 8.1 |
2019-03-25 | CVE-2019-3857 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. | 8.8 |
2019-03-25 | CVE-2019-3856 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. | 8.8 |
2019-03-25 | CVE-2019-3863 | Out-of-bounds Write vulnerability in multiple products A flaw was found in libssh2 before 1.8.1. | 8.8 |
2019-03-21 | CVE-2019-3855 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. | 8.8 |
2019-03-21 | CVE-2019-7221 | Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 7.8 |
2019-03-21 | CVE-2019-6116 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | 7.8 |
2019-03-14 | CVE-2019-3816 | Path Traversal vulnerability in multiple products Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. | 7.5 |