Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:7.0
There are 628 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Published: November 27, 2019; 6:15:10 PM -0500
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Published: November 27, 2019; 1:15:11 PM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

Published: November 27, 2019; 11:15:11 AM -0500
V3.1: 2.5 LOW
V2.0: 1.9 LOW
CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Published: November 25, 2019; 10:15:27 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.

Published: November 25, 2019; 7:15:11 AM -0500
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2019-14815

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

Published: November 25, 2019; 6:15:11 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: November 22, 2019; 10:15:11 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 3.3 LOW
CVE-2014-3585

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

Published: November 22, 2019; 10:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: November 18, 2019; 6:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-19081

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

Published: November 18, 2019; 1:15:13 AM -0500
V3.1: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2019-19068

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

Published: November 18, 2019; 1:15:12 AM -0500
V3.1: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-19066

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

Published: November 18, 2019; 1:15:12 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

Published: November 18, 2019; 1:15:12 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Published: November 15, 2019; 11:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Published: November 08, 2019; 10:15:11 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Published: November 07, 2019; 9:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

Published: November 06, 2019; 2:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-8181

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

Published: November 06, 2019; 10:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Published: November 05, 2019; 5:15:10 PM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

Published: November 05, 2019; 2:15:10 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 2.6 LOW