Vulnerabilities > Redhat > Enterprise Linux Server EUS

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2017-5333 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
7.8
2019-11-04 CVE-2017-5332 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
7.8
2019-09-06 CVE-2019-14813 Incorrect Authorization vulnerability in multiple products
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex redhat fedoraproject opensuse debian CWE-863
critical
9.8
2019-08-02 CVE-2019-10171 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5.
network
low complexity
fedoraproject redhat CWE-770
7.5
2019-08-02 CVE-2019-10168 Path Traversal vulnerability in Redhat products
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-22
7.8
2019-08-02 CVE-2019-10167 Missing Authorization vulnerability in Redhat products
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-862
7.8
2019-08-02 CVE-2019-10166 Unspecified vulnerability in Redhat products
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files.
local
low complexity
redhat
7.8
2019-07-31 CVE-2019-10182 It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
network
low complexity
icedtea-web-project redhat
6.5
2019-07-30 CVE-2018-16871 A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20.
network
low complexity
linux redhat netapp
7.5
2019-04-09 CVE-2017-3139 Reachable Assertion vulnerability in Redhat products
A denial of service flaw was found in the way BIND handled DNSSEC validation.
network
low complexity
redhat CWE-617
7.5