Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2019-10-03 CVE-2018-16228 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). Mac_os_x, Debian_linux, Fedora, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-03 CVE-2018-16229 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). Mac_os_x, Debian_linux, Traffix_signaling_delivery_controller, Fedora, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-03 CVE-2018-16230 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). Mac_os_x, Debian_linux, Fedora, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-03 CVE-2018-16451 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. Mac_os_x, Debian_linux, Fedora, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-03 CVE-2019-15166 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_management_node, Solidfire, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-17 CVE-2019-14287 In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. Ubuntu_linux, Debian_linux, Fedora, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization, Sudo 8.8
2019-10-24 CVE-2019-17596 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. Cloudvision_portal, Eos, Mos, Terminattr, Debian_linux, Fedora, Go, Leap, Developer_tools, Enterprise_linux, Enterprise_linux_server 7.5
2019-10-31 CVE-2019-5010 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Debian_linux, Leap, Python, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus 7.5
2019-11-06 CVE-2016-1000037 Pagure: XSS possible in file attachment endpoint Fedora, Enterprise_linux, Pagure 6.1
2019-11-07 CVE-2019-18811 A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. Fedora, Linux_kernel, Enterprise_linux 5.5