Vulnerabilities > Redhat > Enterprise Linux Server TUS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
2019-04-22 | CVE-2019-11235 | Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. | 9.8 |
2019-04-18 | CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. | 7.8 |
2019-04-11 | CVE-2019-3460 | Improper Input Validation vulnerability in multiple products A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 6.5 |
2019-04-11 | CVE-2019-3459 | Out-of-bounds Read vulnerability in multiple products A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | 6.5 |
2019-04-09 | CVE-2017-3139 | Reachable Assertion vulnerability in Redhat products A denial of service flaw was found in the way BIND handled DNSSEC validation. | 7.5 |
2019-04-09 | CVE-2019-3887 | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. | 5.6 |
2019-04-09 | CVE-2019-0757 | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | 6.5 |
2019-04-08 | CVE-2019-0211 | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. | 7.8 |
2019-03-27 | CVE-2019-0160 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | 9.8 |