Vulnerabilities > Redhat > Enterprise Linux Server EUS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-04 | CVE-2017-5333 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 7.8 |
2019-11-04 | CVE-2017-5332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 |
2019-09-06 | CVE-2019-14813 | Incorrect Authorization vulnerability in multiple products A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 9.8 |
2019-08-02 | CVE-2019-10171 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. | 7.5 |
2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 7.8 |
2019-08-02 | CVE-2019-10167 | Missing Authorization vulnerability in Redhat products The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 7.8 |
2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 7.8 |
2019-07-31 | CVE-2019-10182 | It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. | 6.5 |
2019-07-30 | CVE-2018-16871 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. | 7.5 |
2019-04-09 | CVE-2017-3139 | Reachable Assertion vulnerability in Redhat products A denial of service flaw was found in the way BIND handled DNSSEC validation. | 7.5 |