Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2019-03-09 CVE-2019-9640 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php canonical debian opensuse netapp redhat CWE-125
5.0
2019-03-09 CVE-2019-9639 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-909
5.0
2019-03-09 CVE-2019-9638 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-125
5.0
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-03-08 CVE-2019-1003034 A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9
2019-03-08 CVE-2019-1003031 A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9
2019-03-08 CVE-2019-1003030 A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9
2019-03-08 CVE-2019-1003029 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9
2019-03-05 CVE-2019-9213 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms.
local
low complexity
linux debian redhat opensuse canonical CWE-476
5.5
2019-02-28 CVE-2018-18498 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5