Red Hat Enterprise Linux EUS vulnerabilities
780 known vulnerabilities affecting redhat/enterprise_linux_eus.
Total CVEs: 780
CISA KEV (actively exploited): 38
Public exploits: 54
Exploited in wild: 44
Severity breakdown: CRITICAL 156, HIGH 205, MEDIUM 352, LOW 67
Vulnerabilities
Page 13 of 39
CVE-2019-2689 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
Source: NVD

CVE-2019-2630 | MEDIUM | CVSS 4.4 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
Source: NVD

CVE-2019-2596 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
Source: NVD

CVE-2019-2636 | MEDIUM | CVSS 4.4 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Protocol to compromise MySQL Server. Successful attacks of this vulnerability can result in una
Source: NVD

CVE-2019-2628 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth
Source: NVD

CVE-2019-2683 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
Source: NVD

CVE-2019-2584 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unaut
Source: NVD

CVE-2019-2693 | MEDIUM | CVSS 6.5 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
Source: NVD

CVE-2019-2585 | MEDIUM | CVSS 4.9 | v8.1, v8.2, +2 more | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau
Source: NVD

CVE-2019-11235 | CRITICAL | CVSS 9.8 | CWE-345 | v7.6 | 2019-04-22
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Source: NVD

CVE-2019-11459 | MEDIUM | CVSS 5.5 | CWE-754 | v8.1, v8.2, +2 more | 2019-04-22
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Source: NVD

CVE-2018-16877 | HIGH | CVSS 7.8 | CWE-287 | v8.1, v8.2, +2 more | 2019-04-18
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Source: NVD

CVE-2018-16878 | MEDIUM | CVSS 5.5 | CWE-400 | v8.1, v8.2, +2 more | 2019-04-18
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
Source: NVD

CVE-2019-3460 | MEDIUM | CVSS 6.5 | CWE-20 | v8.1, v8.2, +1 more | 2019-04-11
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
Source: NVD

CVE-2019-3459 | MEDIUM | CVSS 6.5 | CWE-125 | v8.1, v8.2, +1 more | 2019-04-11
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
Source: NVD

CVE-2019-3887 | MEDIUM | CVSS 5.6 | CWE-863 | v8.1, v8.2, +1 more | 2019-04-09
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versio
Source: NVD

CVE-2019-0757 | MEDIUM | CVSS 6.5 | v8.1, v8.2, +1 more | 2019-04-09
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Source: NVD

CVE-2019-0211 | HIGH | CVSS 7.8 | KEV | PoC | CWE-416 | v8.1, v8.2, +3 more | 2019-04-08
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are
Source: NVD

CVE-2019-0160 | CRITICAL | CVSS 9.8 | CWE-120 | v8.1, v8.2, +1 more | 2019-03-27
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Source: NVD

CVE-2019-9948 | CRITICAL | CVSS 9.1 | CWE-22 | v8.1, v8.2, +2 more | 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Source: NVD