Redhat Enterprise Linux Desktop vulnerabilities

CVE-2019-11043 [CRITICAL] CWE-120 CVE-2019-11043: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurati In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CVE-2019-17631 [CRITICAL] CWE-285 CVE-2019-17631: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

CVE-2019-14287 [HIGH] CWE-755 CVE-2019-14287: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain poli In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

CVE-2019-2989 [MEDIUM] CVE-2019-2989: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While th

CVE-2019-2949 [MEDIUM] CVE-2019-2949: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supp Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerabil

CVE-2019-2996 [MEDIUM] CVE-2019-2996: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). Th Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require hu

CVE-2019-2999 [MEDIUM] CVE-2019-2999: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than th

CVE-2019-2975 [MEDIUM] CVE-2019-2975: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac

CVE-2019-2988 [LOW] CVE-2019-2988: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks o

CVE-2019-2945 [LOW] CVE-2019-2945: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-2983 [LOW] CVE-2019-2983: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successf

CVE-2019-2981 [LOW] CVE-2019-2981: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supporte Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attack

CVE-2019-2992 [LOW] CVE-2019-2992: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks o

CVE-2019-2964 [LOW] CVE-2019-2964: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). S Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-2973 [LOW] CVE-2019-2973: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supporte Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attack

CVE-2019-2978 [LOW] CVE-2019-2978: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-2987 [LOW] CVE-2019-2987: Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial

CVE-2019-2962 [LOW] CVE-2019-2962: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks o

CVE-2019-14823 [HIGH] CWE-358 CVE-2019-14823: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions a A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

CVE-2019-17055 [LOW] CWE-862 CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel th base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.