Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 5.0 |
2019-11-14 | CVE-2011-1145 | Classic Buffer Overflow vulnerability in multiple products The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | 4.6 |
2019-11-13 | CVE-2010-4664 | Improper Privilege Management vulnerability in multiple products In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. | 6.5 |
2019-11-13 | CVE-2010-4661 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 4.6 |
2019-11-13 | CVE-2010-4657 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. | 5.0 |
2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
2019-11-07 | CVE-2008-3278 | Insecure Default Initialization of Resource vulnerability in Redhat Frysk 20080805 frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. | 4.6 |
2019-11-07 | CVE-2019-18811 | Memory Leak vulnerability in multiple products A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. | 5.5 |
2019-11-06 | CVE-2016-1000037 | Cross-site Scripting vulnerability in multiple products Pagure: XSS possible in file attachment endpoint | 6.1 |
2019-11-04 | CVE-2017-5333 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 6.8 |