Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-2762 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle canonical opensuse debian redhat mcafee hp
5.3
2019-07-23 CVE-2019-2757 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle canonical fedoraproject redhat
4.9
2019-07-23 CVE-2019-2755 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
network
low complexity
oracle fedoraproject redhat
4.9
2019-07-23 CVE-2019-2752 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options).
network
low complexity
oracle fedoraproject redhat
4.9
2019-07-22 CVE-2019-9959 Integer Overflow or Wraparound vulnerability in multiple products
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
network
low complexity
freedesktop debian fedoraproject redhat CWE-190
6.5
2019-06-24 CVE-2019-12384 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization.
network
high complexity
fasterxml debian redhat CWE-502
5.9
2019-06-19 CVE-2019-11038 Use of Uninitialized Resource vulnerability in multiple products
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable.
5.3
2019-06-03 CVE-2019-12614 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6.
4.1
2019-05-23 CVE-2019-5798 Out-of-bounds Read vulnerability in multiple products
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat opensuse canonical suse CWE-125
6.5
2019-05-15 CVE-2019-11833 Use of Uninitialized Resource vulnerability in multiple products
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
5.5