Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153
Vulnerabilities
CVE-2019-2689 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2630 [MEDIUM] CVSS 4.4, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2019-2596 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2636 [MEDIUM] CVSS 4.4, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Protocol to compromise MySQL Server. Successful attacks of this vulnerability can result in una
nvd
CVE-2019-2628 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth
nvd
CVE-2019-2683 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2019-2584 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2019-2693 [MEDIUM] CVSS 6.5, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2019-2585 [MEDIUM] CVSS 4.9, v8.0, 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau
nvd
CVE-2019-11235 [CRITICAL] CWE-345, CVSS 9.8, v7.0, 2019-04-22
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
nvd
CVE-2019-11234 [CRITICAL] CWE-287, CVSS 9.8, v7.0, 2019-04-22
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
nvd
CVE-2019-11459 [MEDIUM] CWE-754, CVSS 5.5, v8.0, 2019-04-22
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
nvd
CVE-2019-3902 [MEDIUM] CWE-22, CVSS 5.9, v7.0, 2019-04-22
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
nvd
CVE-2019-10245 [HIGH] CWE-20, CVSS 7.5, v8.0, 2019-04-19
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
nvd
CVE-2018-16877 [HIGH] CWE-287, CVSS 7.8, v8.0, 2019-04-18
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
nvd
CVE-2018-16878 [MEDIUM] CWE-400, CVSS 5.5, v8.0, 2019-04-18
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
nvd
CVE-2019-3883 [HIGH] CWE-772, CVSS 7.5, v6.0, 2019-04-17
In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. The worker waits on each socket for at most 'ioblocktimeout' seconds. However, this timeout applies only to unencrypted requests. Connections using SSL/TLS do not take this timeout into account during reads, and may hang longer. An unauthenticated attacker could r
nvd
CVE-2019-3460 [MEDIUM] CWE-20, CVSS 6.5, v8.0, 2019-04-11
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
nvd
CVE-2019-3459 [MEDIUM] CWE-125, CVSS 6.5, v5.0, v6.0 (+2 more), 2019-04-11
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
nvd
CVE-2019-3837 [MEDIUM] CWE-362, CVSS 6.1, v6.0, 2019-04-11
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or
nvd