redhat enterprise linux 7.5 vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-10184
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is...
Haproxy Haproxy
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.3
5.9
CVSSv3
CVE-2019-12384
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible....
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.6
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.7
16 Github repositories available
7.8
CVSSv3
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as...
Gnome Evince
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Server 7.5
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server 7.4
Redhat Enterprise Linux Server 7.6
2 EDB exploits available
1 Metasploit module available
7.8
CVSSv3
CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root...
Clusterlabs Pacemaker
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server 6.0
7.5
CVSSv3
CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when...
Redhat Enterprise Linux 7.6
Redhat Cloudforms 4.6
Redhat Enterprise Linux 6.7
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.3
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.5
Redhat Cloudforms 4.5
Sprockets Project Sprockets
Sprockets Project Sprockets 4.0.0
Debian Debian Linux 9.0
22 Github repositories available
9.8
CVSSv3
CVE-2018-16850
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges....
Postgresql Postgresql
Redhat Enterprise Linux 7.6
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
5.5
CVSSv3
CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing....
Libvirt Libvirt
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Eus 7.6
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Eus 7.4
Redhat Virtualization 3.0
Redhat Enterprise Linux Eus 7.5
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux 5
6.7
CVSSv3
CVE-2017-15097
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine....
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.4
8.8
CVSSv3
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an...
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Fedoraproject Sssd
8.1
CVSSv3
CVE-2017-2590
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs...
Freeipa Freeipa
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Workstation 7.0