Redhat Enterprise Linux Server Tus vulnerabilities
767 known vulnerabilities affecting redhat/enterprise_linux_server_tus.
Total CVEs
767
CISA KEV
20
actively exploited
Public exploits
60
Exploited in wild
25
Severity breakdown
CRITICAL109HIGH268MEDIUM337LOW53
Vulnerabilities
Page 12 of 39
CVE-2019-2689MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2689 [MEDIUM] CVE-2019-2689: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2630MEDIUMCVSS 4.4v8.2v8.4+1 more2019-04-23
CVE-2019-2630 [MEDIUM] CVE-2019-2630: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2019-2596MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2596 [MEDIUM] CVE-2019-2596: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2636MEDIUMCVSS 4.4v8.2v8.4+1 more2019-04-23
CVE-2019-2636 [MEDIUM] CVE-2019-2636: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in una
nvd
CVE-2019-2628MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2628 [MEDIUM] CVE-2019-2628: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth
nvd
CVE-2019-2683MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2683 [MEDIUM] CVE-2019-2683: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Support
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2019-2584MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2584 [MEDIUM] CVE-2019-2584: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privile
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2019-2693MEDIUMCVSS 6.5v8.2v8.4+1 more2019-04-23
CVE-2019-2693 [MEDIUM] CVE-2019-2693: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2019-2585MEDIUMCVSS 4.9v8.2v8.4+1 more2019-04-23
CVE-2019-2585 [MEDIUM] CVE-2019-2585: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau
nvd
CVE-2019-11235CRITICALCVSS 9.8v7.62019-04-22
CVE-2019-11235 [CRITICAL] CWE-345 CVE-2019-11235: FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is withi
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
nvd
CVE-2019-11459MEDIUMCVSS 5.5v8.2v8.4+1 more2019-04-22
CVE-2019-11459 [MEDIUM] CWE-754 CVE-2019-11459: The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
nvd
CVE-2018-16877HIGHCVSS 7.8v8.2v8.4+1 more2019-04-18
CVE-2018-16877 [HIGH] CWE-287 CVE-2018-16877: A flaw was found in the way pacemaker's client-server authentication was implemented in versions up
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
nvd
CVE-2019-3460MEDIUMCVSS 6.5v8.2v8.42019-04-11
CVE-2019-3460 [MEDIUM] CWE-20 CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux ker
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
nvd
CVE-2019-3459MEDIUMCVSS 6.5v8.2v8.42019-04-11
CVE-2019-3459 [MEDIUM] CWE-125 CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel be
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
nvd
CVE-2017-3139HIGHCVSS 7.5v6.5v6.62019-04-09
CVE-2017-3139 [HIGH] CWE-617 CVE-2017-3139: A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker coul
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
nvd
CVE-2019-3887MEDIUMCVSS 5.6v8.2v8.42019-04-09
CVE-2019-3887 [MEDIUM] CWE-863 CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access wi
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versio
nvd
CVE-2019-0757MEDIUMCVSS 6.5v8.2v8.42019-04-09
CVE-2019-0757 [MEDIUM] CVE-2019-0757: A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
nvd
CVE-2019-0211HIGHCVSS 7.8KEVPoCv8.2v8.4+2 more2019-04-08
CVE-2019-0211 [HIGH] CWE-416 CVE-2019-0211: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are
nvd
CVE-2019-0160CRITICALCVSS 9.8v8.2v8.42019-03-27
CVE-2019-0160 [CRITICAL] CWE-120 CVE-2019-0160: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable e
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
nvd
CVE-2019-3878HIGHCVSS 8.1v7.62019-03-26
CVE-2019-3878 [HIGH] CWE-305 CVE-2019-3878: A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse pr
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authenticatio
nvd