Redhat Enterprise Linux Server Eus vulnerabilities
622 known vulnerabilities affecting redhat/enterprise_linux_server_eus.
Total CVEs
622
CISA KEV
9
actively exploited
Public exploits
47
Exploited in wild
10
Severity breakdown
CRITICAL178HIGH239MEDIUM183LOW22
Vulnerabilities
Page 3 of 32
CVE-2019-6116HIGHCVSS 7.8PoCv7.62019-03-21
CVE-2019-6116 [HIGH] CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system op
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
nvd
CVE-2019-6454MEDIUMCVSS 5.5v7.62019-03-21
CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta
nvd
CVE-2019-3816HIGHCVSS 7.5v7.62019-03-14
CVE-2019-3816 [HIGH] CWE-22 CVE-2019-3816: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because t
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
nvd
CVE-2019-9636CRITICALCVSS 9.8v5.62019-03-08
CVE-2019-9636 [CRITICAL] CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encod
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A sp
nvd
CVE-2018-12390CRITICALCVSS 9.8v7.5v7.62019-02-28
CVE-2018-12390 [CRITICAL] CWE-119 CVE-2018-12390: Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firef
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 6
nvd
CVE-2018-18498CRITICALCVSS 9.8v7.62019-02-28
CVE-2018-18498 [CRITICAL] CWE-190 CVE-2018-18498: A potential vulnerability leading to an integer overflow can occur during buffer size calculations f
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
nvd
CVE-2018-12405CRITICALCVSS 9.8v7.62019-02-28
CVE-2018-12405 [CRITICAL] CWE-119 CVE-2018-12405: Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firef
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox <
nvd
CVE-2018-12392CRITICALCVSS 9.8v7.5v7.62019-02-28
CVE-2018-12392 [CRITICAL] CVE-2018-12392: When manipulating user events in nested loops while opening a document through script, it is possibl
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
nvd
CVE-2018-18493CRITICALCVSS 9.8v7.62019-02-28
CVE-2018-18493 [CRITICAL] CWE-119 CVE-2018-18493: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware acce
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
nvd
CVE-2018-18492CRITICALCVSS 9.8v7.62019-02-28
CVE-2018-18492 [CRITICAL] CWE-416 CVE-2018-18492: A use-after-free vulnerability can occur after deleting a selection element due to a weak reference
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
nvd
CVE-2018-12395HIGHCVSS 7.5v7.52019-02-28
CVE-2018-12395 [HIGH] CVE-2018-12395: By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain re
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
nvd
CVE-2018-12389HIGHCVSS 8.8v7.5v7.62019-02-28
CVE-2018-12389 [HIGH] CWE-119 CVE-2018-12389: Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. So
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
nvd
CVE-2018-12393HIGHCVSS 7.5v7.62019-02-28
CVE-2018-12393 [HIGH] CWE-190 CVE-2018-12393: A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox
nvd
CVE-2018-12397HIGHCVSS 7.1v7.52019-02-28
CVE-2018-12397 [HIGH] CWE-200 CVE-2018-12397: A WebExtension can request access to local files without the warning prompt stating that the extensi
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63
nvd
CVE-2018-18494MEDIUMCVSS 6.5v7.62019-02-28
CVE-2018-18494 [MEDIUM] CWE-346 CVE-2018-18494: A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascr
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
nvd
CVE-2018-12396MEDIUMCVSS 6.5v7.62019-02-28
CVE-2018-12396 [MEDIUM] CWE-732 CVE-2018-12396: A vulnerability where a WebExtension can run content scripts in disallowed contexts following naviga
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
nvd
CVE-2019-6974HIGHCVSS 8.1PoCv7.62019-02-15
CVE-2019-6974 [HIGH] CWE-362 CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles referen
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
nvd
CVE-2019-8308HIGHCVSS 8.2v7.62019-02-12
CVE-2019-8308 [HIGH] CWE-668 CVE-2019-8308: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sand
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
nvd
CVE-2018-18500CRITICALCVSS 9.8v7.62019-02-05
CVE-2018-18500 [CRITICAL] CWE-416 CVE-2018-18500: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML e
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
nvd
CVE-2018-18501CRITICALCVSS 9.8v7.62019-02-05
CVE-2018-18501 [CRITICAL] CWE-119 CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firef
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox <
nvd