Vulnerabilities > Redhat > Enterprise Linux Server EUS > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR. A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 3.6 |
2019-01-28 | CVE-2019-3815 | Memory Leak vulnerability in multiple products. A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. | 3.3 |
2019-01-16 | CVE-2019-2422 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 3.1 |
2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 2.1 |
2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 2.1 |
2018-10-17 | CVE-2018-3136 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 2.6 |
2018-10-17 | CVE-2018-3139 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). | 2.6 |
2018-08-20 | CVE-2015-5160 | Information Exposure vulnerability in multiple products. libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | 2.1 |
2018-07-26 | CVE-2017-18344 | Out-of-bounds Read vulnerability in multiple products. The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). | 2.1 |
2018-04-23 | CVE-2018-1106 | Improper Authentication vulnerability in multiple products. An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. | 2.1 |