Filtered by vendor Redhat
Subscriptions
Total
23057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5760 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5759 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Macos, Debian Linux, Fedora and 6 more | 2024-11-21 | N/A |
| Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2019-5758 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5757 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
| CVE-2019-5756 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | ||||
| CVE-2019-5755 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | ||||
| CVE-2019-5754 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. | ||||
| CVE-2019-5737 | 3 Nodejs, Opensuse, Redhat | 4 Node.js, Leap, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. | ||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-11-21 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2019-5489 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node and 8 more | 2024-11-21 | N/A |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | ||||
| CVE-2019-5482 | 7 Debian, Fedoraproject, Haxx and 4 more | 24 Debian Linux, Fedora, Curl and 21 more | 2024-11-21 | 9.8 Critical |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | ||||
| CVE-2019-5481 | 7 Debian, Fedoraproject, Haxx and 4 more | 15 Debian Linux, Fedora, Curl and 12 more | 2024-11-21 | 9.8 Critical |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | ||||
| CVE-2019-5436 | 8 Debian, F5, Fedoraproject and 5 more | 15 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 12 more | 2024-11-21 | 7.8 High |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | ||||
| CVE-2019-5435 | 2 Haxx, Redhat | 2 Curl, Jboss Core Services | 2024-11-21 | N/A |
| An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | ||||
| CVE-2019-5419 | 5 Debian, Fedoraproject, Opensuse and 2 more | 8 Debian Linux, Fedora, Leap and 5 more | 2024-11-21 | 7.5 High |
| There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | ||||
| CVE-2019-5108 | 6 Canonical, Debian, Linux and 3 more | 23 Ubuntu Linux, Debian Linux, Linux Kernel and 20 more | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | ||||
| CVE-2019-5018 | 3 Canonical, Redhat, Sqlite | 3 Ubuntu Linux, Enterprise Linux, Sqlite | 2024-11-21 | 8.1 High |
| An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. | ||||
| CVE-2019-5010 | 4 Debian, Opensuse, Python and 1 more | 9 Debian Linux, Leap, Python and 6 more | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | ||||
| CVE-2019-4579 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-11-21 | 4.3 Medium |
| IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. | ||||
| CVE-2019-4533 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-11-21 | 4.3 Medium |
| IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589. | ||||