Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2019-14824 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values.
network
low complexity
fedoraproject redhat debian CWE-732
6.5
2019-11-07 CVE-2019-18811 Memory Leak vulnerability in multiple products
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.
local
low complexity
linux fedoraproject redhat CWE-401
5.5
2019-11-06 CVE-2016-1000037 Cross-site Scripting vulnerability in multiple products
Pagure: XSS possible in file attachment endpoint
network
low complexity
redhat fedoraproject CWE-79
6.1
2019-11-06 CVE-2014-8181 Improper Initialization vulnerability in Redhat Enterprise Linux and Enterprise MRG
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
local
low complexity
redhat CWE-665
5.5
2019-11-05 CVE-2013-5661 Authentication Bypass by Spoofing vulnerability in multiple products
Cache Poisoning issue exists in DNS Response Rate Limiting.
network
high complexity
isc nlnetlabs nic redhat CWE-290
5.9
2019-11-01 CVE-2013-3718 Improper Input Validation vulnerability in multiple products
evince is missing a check on number of pages which can lead to a segmentation fault
local
low complexity
gnome debian redhat opensuse CWE-20
5.5
2019-10-16 CVE-2019-2999 Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc).
network
high complexity
oracle redhat netapp debian opensuse canonical
4.7
2019-10-16 CVE-2019-2996 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment).
network
high complexity
oracle netapp redhat
4.2
2019-10-16 CVE-2019-2975 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).
network
high complexity
oracle redhat netapp debian opensuse mcafee canonical
4.8
2019-10-09 CVE-2019-6465 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition.
network
low complexity
isc redhat CWE-732
5.3