Vulnerabilities > Redhat > Enterprise Linux EUS > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-11477 Integer Overflow or Wraparound vulnerability in multiple products
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-190
7.5
2019-06-05 CVE-2019-9755 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow issue exists in ntfs-3g 2017.3.23.
local
high complexity
tuxera redhat CWE-191
7.0
2019-05-16 CVE-2019-0820 Resource Exhaustion vulnerability in multiple products
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'.
network
low complexity
microsoft redhat CWE-400
7.5
2019-04-26 CVE-2019-9810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
network
low complexity
mozilla redhat CWE-119
8.8
2019-04-23 CVE-2019-2698 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D).
network
high complexity
oracle redhat debian opensuse canonical hp
8.1
2019-04-23 CVE-2019-2697 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D).
network
high complexity
oracle canonical redhat hp
8.1
2019-04-23 CVE-2019-2602 Resource Exhaustion vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
7.5
2019-04-23 CVE-2019-0223 While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0.
network
high complexity
apache redhat
7.4
2019-04-18 CVE-2018-16877 A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. 7.8
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8