Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 7.8 |
2019-08-02 | CVE-2019-10167 | Missing Authorization vulnerability in Redhat products: The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 7.8 |
2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products: It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 7.8 |
2019-08-01 | CVE-2019-14494 | Divide By Zero vulnerability in multiple products: An issue was discovered in Poppler through 0.78.0. | 7.5 |
2019-08-01 | CVE-2019-3890 | Improper Certificate Validation vulnerability in multiple products: It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. | 8.1 |
2019-08-01 | CVE-2018-10899 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: A flaw was found in Jolokia versions from 1.2 to before 1.6.1. | 8.8 |
2019-08-01 | CVE-2014-8183 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | 7.4 |
2019-07-31 | CVE-2019-10356 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
2019-07-31 | CVE-2019-10355 | Incorrect Type Conversion or Cast vulnerability in multiple products: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products: It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |