Redhat Enterprise Linux For Scientific Computing vulnerabilities
71 known vulnerabilities affecting redhat/enterprise_linux_for_scientific_computing.
Total CVEs: 71
CISA KEV: 9 (actively exploited)
Public exploits: 7
Exploited in wild: 9
Severity breakdown: CRITICAL 5, HIGH 32, MEDIUM 31, LOW 3
Vulnerabilities
Page 3 of 4
CVE-2019-13744 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13744 [MEDIUM] CWE-200
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13758 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
CVE-2019-13758 [MEDIUM]
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2019-13742 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13742 [MEDIUM]
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2019-13749 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13749 [MEDIUM]
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13737 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13737 [MEDIUM] CWE-200
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13753 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13753 [MEDIUM] CWE-125
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13738 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13738 [MEDIUM] CWE-269
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-13755 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
CVE-2019-13755 [MEDIUM]
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
nvd
CVE-2019-13740 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13740 [MEDIUM] CWE-346
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-13743 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13743 [MEDIUM]
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2019-13761 | MEDIUM | CVSS 4.3 | v6.0 | 2019-12-10
CVE-2019-13761 [MEDIUM]
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13746 | MEDIUM | CVSS 6.5 | v6.0 | 2019-12-10
CVE-2019-13746 [MEDIUM]
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13762 | LOW | CVSS 3.3 | v6.0 | 2019-12-10
CVE-2019-13762 [LOW] CWE-667
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
nvd
CVE-2019-6470 | HIGH | CVSS 7.5 | v7.0 | 2019-11-01
CVE-2019-6470 [MEDIUM]
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND l
nvd
CVE-2019-11043 | CRITICAL | CVSS 9.8 | KEV | PoC | v7.0 | 2019-10-28
CVE-2019-11043 [HIGH] CWE-120
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
nvd
CVE-2019-7317 | MEDIUM | CVSS 5.3 | v6.0, v7.0 | 2019-02-04
CVE-2019-7317 [MEDIUM] CWE-416
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
nvd
CVE-2018-16881 | HIGH | CVSS 7.5 | v7.0 | 2019-01-25
CVE-2018-16881 [HIGH] CWE-190
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
nvd
CVE-2018-16866 | LOW | CVSS 3.3 | v7.0 | 2019-01-11
CVE-2018-16866 [LOW] CWE-125
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
nvd
CVE-2017-15129 | MEDIUM | CVSS 4.7 | v7.0 | 2018-01-09
CVE-2017-15129 [MEDIUM] CWE-362
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an
nvd
CVE-2017-12615 | HIGH | CVSS 8.1 | KEV | PoC | v7.0 | 2017-09-19
CVE-2017-12615 [HIGH] CWE-434
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
nvd