2019-02-15
|
CVE-2019-6974
|
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform
|
8.1
|
|
|
2019-03-08
|
CVE-2019-9636
|
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host...
|
Ubuntu_linux, Debian_linux, Fedora, Leap, Sun_zfs_storage_appliance_kit, Python, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization
|
9.8
|
|
|
2019-03-21
|
CVE-2019-6454
|
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
|
Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Active_iq_performance_analytics_services, Leap, Enterprise_linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Systemd
|
5.5
|
|
|
2019-03-21
|
CVE-2019-7222
|
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
5.5
|
|
|
2019-03-21
|
CVE-2019-9903
|
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
|
Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus
|
6.5
|
|
|
2019-03-23
|
CVE-2019-9948
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
|
Ubuntu_linux, Debian_linux, Fedora, Leap, Python, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_tus, Enterprise_linux_workstation
|
9.1
|
|
|
2019-03-27
|
CVE-2019-0160
|
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
|
Fedora, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Edk_ii
|
9.8
|
|
|
2019-04-11
|
CVE-2019-3459
|
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
|
Ubuntu_linux, Debian_linux, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Enterprise_mrg
|
6.5
|
|
|
2019-04-11
|
CVE-2019-3460
|
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
|
Ubuntu_linux, Debian_linux, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host
|
6.5
|
|
|
2019-04-18
|
CVE-2018-16877
|
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
|
Ubuntu_linux, Pacemaker, Debian_linux, Fedora, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus
|
7.8
|
|
|