Enterprise Linux Server AUS vulnerabilities and exploits

NA
CVE-2019-8324

Installing a malicious gem may lead to arbitrary code execution...

NA
CVE-2019-8322

Escape sequence injection vulnerability in gem owner...

NA
CVE-2019-8325

It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320)...

NA
CVE-2019-8323

A vulnerability in RubyGems could allow an unauthenticated, remote attacker to inject escape sequence code on a targeted system. The vulnerability exists because the affected software does not properly validate user-supplied input when handling API responses. An attacker...

7.5
CVSSv2
CVE-2019-5953

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or possibly execute arbitrary code via unspecified vectors....

4.3
CVSSv2
CVE-2018-12384

When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact...

7.5
CVSSv2
CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh...

4.3
CVSSv2
CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will...

6.8
CVSSv2
CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1....

Mozilla: Firefox, Firefox ESR, Thunderbird
7.5
CVSSv2
CVE-2019-9792

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability...