Vulnerabilities > Redhat > Enterprise MRG

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-06-19 CVE-2019-11478 Resource Exhaustion vulnerability in multiple products
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-400
7.5
2019-06-19 CVE-2019-11477 Integer Overflow or Wraparound vulnerability in multiple products
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-190
7.5
2019-04-11 CVE-2019-3459 Out-of-bounds Read vulnerability in multiple products
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
2018-12-18 CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem.
low complexity
linux redhat debian canonical
8.0
2018-07-30 CVE-2017-7482 Integer Overflow or Wraparound vulnerability in multiple products
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field.
local
low complexity
linux debian redhat CWE-190
7.8
2018-02-09 CVE-2014-8171 Resource Management Errors vulnerability in multiple products
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
local
low complexity
linux redhat CWE-399
5.5
2018-01-14 CVE-2017-15128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12.
local
low complexity
linux redhat CWE-119
5.5
2018-01-14 CVE-2017-15127 A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.
local
low complexity
linux redhat
5.5
2017-10-18 CVE-2014-3706 Improper Certificate Validation vulnerability in Redhat Enterprise MRG 3.0
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
network
high complexity
redhat CWE-295
5.9