Vulnerabilities > Redhat > Enterprise Linux Server TUS > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-23 CVE-2019-0223 While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0.
network
high complexity
apache redhat
7.4
2019-04-18 CVE-2018-16877 A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. 7.8
2019-04-09 CVE-2017-3139 Reachable Assertion vulnerability in Redhat products
A denial of service flaw was found in the way BIND handled DNSSEC validation.
network
low complexity
redhat CWE-617
7.5
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-03-26 CVE-2019-3878 Improper Authentication vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
8.1
2019-03-25 CVE-2019-3857 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed.
8.8
2019-03-25 CVE-2019-3856 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed.
8.8
2019-03-25 CVE-2019-3863 Out-of-bounds Write vulnerability in multiple products
A flaw was found in libssh2 before 1.8.1.
network
low complexity
libssh2 debian netapp opensuse redhat CWE-787
8.8
2019-03-21 CVE-2019-3855 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server.
8.8
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8