Filtered by vendor Redhat
Subscriptions
Total
23252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3831 | 2 Ovirt, Redhat | 4 Vdsm, Enterprise Linux, Gluster Storage and 1 more | 2024-11-21 | 6.7 Medium |
| A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. | ||||
| CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2024-11-21 | 7.8 High |
| A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | ||||
| CVE-2019-3829 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2024-11-21 | N/A |
| A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | ||||
| CVE-2019-3828 | 1 Redhat | 3 Ansible, Ansible Engine, Openstack | 2024-11-21 | 4.2 Medium |
| Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||||
| CVE-2019-3827 | 2 Gnome, Redhat | 2 Gvfs, Enterprise Linux | 2024-11-21 | 7.0 High |
| An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration. | ||||
| CVE-2019-3826 | 2 Prometheus, Redhat | 3 Prometheus, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. | ||||
| CVE-2019-3825 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Gnome Display Manager, Enterprise Linux | 2024-11-21 | N/A |
| A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | ||||
| CVE-2019-3820 | 4 Canonical, Gnome, Opensuse and 1 more | 5 Ubuntu Linux, Gnome-shell, Leap and 2 more | 2024-11-21 | 4.3 Medium |
| It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. | ||||
| CVE-2019-3818 | 2 Kube-rbac-proxy Project, Redhat | 3 Kube-rbac-proxy, Openshift, Openshift Container Platform | 2024-11-21 | 7.5 High |
| The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. | ||||
| CVE-2019-3817 | 2 Redhat, Rpm | 3 Enterprise Linux, Rhel Extras Other, Libcomps | 2024-11-21 | N/A |
| A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | ||||
| CVE-2019-3816 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 11 Fedora, Leap, Openwsman and 8 more | 2024-11-21 | 7.5 High |
| Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | ||||
| CVE-2019-3815 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 3.3 Low |
| A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | ||||
| CVE-2019-3814 | 4 Canonical, Dovecot, Opensuse and 1 more | 4 Ubuntu Linux, Dovecot, Leap and 1 more | 2024-11-21 | N/A |
| It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | ||||
| CVE-2019-3813 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2024-11-21 | 7.5 High |
| Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. | ||||
| CVE-2019-3805 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd and 3 more | 2024-11-21 | 4.7 Medium |
| A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. | ||||
| CVE-2019-3804 | 3 Cockpit-project, Fedoraproject, Redhat | 4 Cockpit, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | ||||
| CVE-2019-3802 | 2 Pivotal Software, Redhat | 2 Spring Data Java Persistance Api, Jboss Fuse | 2024-11-21 | 5.3 Medium |
| This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. | ||||
| CVE-2019-3797 | 2 Pivotal Software, Redhat | 2 Spring Data Java Persistence Api, Jboss Fuse | 2024-11-21 | N/A |
| This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. | ||||
| CVE-2019-3774 | 2 Pivotal Software, Redhat | 2 Spring Batch, Jboss Fuse | 2024-11-21 | N/A |
| Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||||
| CVE-2019-3773 | 3 Oracle, Pivotal Software, Redhat | 4 Financial Services Analytical Applications Infrastructure, Flexcube Private Banking, Spring Web Services and 1 more | 2024-11-21 | 9.8 Critical |
| Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||||