Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-03 | CVE-2019-7310 | Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | 7.8 |
| 2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |
| 2019-01-31 | CVE-2019-6109 | Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 6.8 |
| 2019-01-30 | CVE-2018-17189 | Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. | 5.3 |
| 2019-01-29 | CVE-2019-7150 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in elfutils 0.175. | 5.5 |
| 2019-01-28 | CVE-2019-3815 | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. | 3.3 |
| 2019-01-28 | CVE-2018-16889 | Unspecified vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. | 7.5 |
| 2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
| 2019-01-22 | CVE-2018-14666 | Incorrect Authorization vulnerability in Redhat Satellite An improper authorization flaw was found in the Smart Class feature of Foreman. | 7.2 |
| 2019-01-22 | CVE-2019-1003004 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. | 7.2 |