Redhat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs
1,738
CISA KEV
20
actively exploited
Public exploits
88
Exploited in wild
26
Severity breakdown
CRITICAL157HIGH589MEDIUM839LOW153
Vulnerabilities
Page 43 of 87
CVE-2017-5332HIGHCVSS 7.8v7.02019-11-04
CVE-2017-5332 [HIGH] CWE-119 CVE-2017-5332: The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access un
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
nvd
CVE-2017-5333HIGHCVSS 7.8v7.02019-11-04
CVE-2017-5333 [HIGH] CWE-190 CVE-2017-5333: Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icout
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
nvd
CVE-2013-4751HIGHCVSS 8.1v6.02019-11-01
CVE-2013-4751 [HIGH] CWE-20 CVE-2013-4751: php-symfony2-Validator has loss of information during serialization
php-symfony2-Validator has loss of information during serialization
nvd
CVE-2019-6470HIGHCVSS 7.5v8.02019-11-01
CVE-2019-6470 [HIGH] CVE-2019-6470: There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when o
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND lib
nvd
CVE-2013-3718MEDIUMCVSS 5.5v5.02019-11-01
CVE-2013-3718 [MEDIUM] CWE-20 CVE-2013-3718: evince is missing a check on number of pages which can lead to a segmentation fault
evince is missing a check on number of pages which can lead to a segmentation fault
nvd
CVE-2019-5010HIGHCVSS 7.5v8.02019-10-31
CVE-2019-5010 [HIGH] CWE-476 CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org P
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
nvd
CVE-2019-11043CRITICALCVSS 9.8KEVPoCv8.02019-10-28
CVE-2019-11043 [CRITICAL] CWE-120 CVE-2019-11043: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurati
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
nvd
CVE-2019-17596HIGHCVSS 7.5v8.02019-10-24
CVE-2019-17596 [HIGH] CWE-436 CVE-2019-17596: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic conta
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
nvd
CVE-2019-17631CRITICALCVSS 9.1v8.02019-10-17
CVE-2019-17631 [CRITICAL] CWE-285 CVE-2019-17631: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
nvd
CVE-2019-14287HIGHCVSS 8.8PoCv8.02019-10-17
CVE-2019-14287 [HIGH] CWE-755 CVE-2019-14287: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain poli
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
nvd
CVE-2019-2996MEDIUMCVSS 4.2v8.02019-10-16
CVE-2019-2996 [MEDIUM] CVE-2019-2996: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). Th
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require hu
nvd
CVE-2019-2999MEDIUMCVSS 4.7v8.02019-10-16
CVE-2019-2999 [MEDIUM] CVE-2019-2999: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than th
nvd
CVE-2019-2975MEDIUMCVSS 4.8v8.02019-10-16
CVE-2019-2975 [MEDIUM] CVE-2019-2975: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Sup
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac
nvd
CVE-2019-2988LOWCVSS 3.7v8.02019-10-16
CVE-2019-2988 [LOW] CVE-2019-2988: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks o
nvd
CVE-2019-2945LOWCVSS 3.1v8.02019-10-16
CVE-2019-2945 [LOW] CVE-2019-2945: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2019-2983LOWCVSS 3.7v8.02019-10-16
CVE-2019-2983 [LOW] CVE-2019-2983: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successf
nvd
CVE-2019-2981LOWCVSS 3.7v8.02019-10-16
CVE-2019-2981 [LOW] CVE-2019-2981: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supporte
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attack
nvd
CVE-2019-2992LOWCVSS 3.7v8.02019-10-16
CVE-2019-2992 [LOW] CVE-2019-2992: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks o
nvd
CVE-2019-2964LOWCVSS 3.7v8.02019-10-16
CVE-2019-2964 [LOW] CVE-2019-2964: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). S
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2019-2973LOWCVSS 3.7v8.02019-10-16
CVE-2019-2973 [LOW] CVE-2019-2973: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supporte
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attack
nvd