Redhat Enterprise Linux vulnerabilities

CVE-2019-19334 [CRITICAL] CWE-121 CVE-2019-19334: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way li In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

CVE-2019-19333 [CRITICAL] CWE-121 CVE-2019-19333: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way li In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

CVE-2019-19624 [MEDIUM] CWE-125 CVE-2019-19624: An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale i An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

CVE-2013-4235 [MEDIUM] CWE-367 CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CVE-2019-13456 [MEDIUM] CWE-203 CVE-2019-13456: In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the pa In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494

CVE-2011-2717 [CRITICAL] CWE-74 CVE-2011-2717: The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP serve The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

CVE-2019-14896 [CRITICAL] CWE-122 CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

CVE-2019-10216 [HIGH] CWE-648 CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVE-2019-18660 [MEDIUM] CWE-200 CVE-2019-18660: The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigat The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

CVE-2019-19319 [MEDIUM] CWE-416 CVE-2019-19319: In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cau In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.

CVE-2011-2207 [MEDIUM] CWE-295 CVE-2011-2207: dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

CVE-2019-19242 [MEDIUM] CWE-476 CVE-2019-19242: SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarg SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

CVE-2012-6655 [LOW] CWE-732 CVE-2012-6655: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

CVE-2016-4980 [LOW] CWE-330 CVE-2016-4980: A password generation weakness exists in xquest through 2016-06-13. A password generation weakness exists in xquest through 2016-06-13.

CVE-2011-3630 [HIGH] CWE-787 CVE-2011-3630: Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way dire Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution wi

CVE-2011-3631 [HIGH] CWE-190 CVE-2011-3631: Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable cr

CVE-2011-3632 [HIGH] CWE-59 CVE-2011-3632: Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attack Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

CVE-2019-14822 [HIGH] CWE-862 CVE-2019-14822: A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engi

CVE-2019-14815 [HIGH] CWE-122 CVE-2019-14815: A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

CVE-2012-5644 [MEDIUM] CWE-200 CVE-2012-5644: libuser has information disclosure when moving user's home directory libuser has information disclosure when moving user's home directory