Redhat Enterprise Linux Eus vulnerabilities

CVE-2019-7222 [MEDIUM] CVE-2019-7222: The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta

CVE-2019-3816 [HIGH] CWE-22 CVE-2019-3816: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because t Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

CVE-2019-9636 [CRITICAL] CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encod Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A sp

CVE-2019-7164 [CRITICAL] CWE-89 CVE-2019-7164: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

CVE-2019-6974 [HIGH] CWE-362 CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles referen In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

CVE-2019-7664 [MEDIUM] CWE-787 CVE-2019-7664: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h becau In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

CVE-2019-7665 [MEDIUM] CWE-125 CVE-2019-7665: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in el In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

CVE-2019-7548 [HIGH] CWE-89 CVE-2019-7548: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

CVE-2018-18506 [MEDIUM] CVE-2018-18506: When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file o When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attack

CVE-2019-7310 [HIGH] CWE-125 CVE-2019-7310: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::ge In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVE-2019-6111 [MEDIUM] CWE-22 CVE-2019-6111: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, t An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker

CVE-2019-6109 [MEDIUM] CWE-116 CVE-2019-6109: An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

CVE-2019-7150 [MEDIUM] CWE-125 CVE-2019-7150: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlat An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

CVE-2019-2534 [HIGH] CVE-2019-2534: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

CVE-2019-2529 [MEDIUM] CVE-2019-2529: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

CVE-2019-2510 [MEDIUM] CVE-2019-2510: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth

CVE-2019-2532 [MEDIUM] CVE-2019-2532: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privile Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit

CVE-2019-2420 [MEDIUM] CVE-2019-2420: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can resul