Vulnerabilities > Redhat > Enterprise Linux Server TUS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-16 | CVE-2019-2481 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.9 |
| 2019-01-16 | CVE-2019-2455 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 6.5 |
| 2019-01-16 | CVE-2019-2436 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 5.5 |
| 2019-01-16 | CVE-2019-2434 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 6.5 |
| 2019-01-16 | CVE-2019-2420 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.9 |
| 2019-01-11 | CVE-2019-6133 | Race Condition vulnerability in multiple products In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. | 6.7 |
| 2019-01-10 | CVE-2018-20685 | Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . | 5.3 |
| 2019-01-03 | CVE-2018-20662 | Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 6.5 |
| 2019-01-01 | CVE-2018-20650 | Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | 6.5 |
| 2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 5.5 |