Redhat: Security Vulnerabilities
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
CVSS Score
5.9
EPSS Score
0.001
Published
2019-11-08
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-08
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-11-07
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-07
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-07
Pagure: XSS possible in file attachment endpoint
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-06
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-11-06
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVSS Score
5.9
EPSS Score
0.124
Published
2019-11-05
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
CVSS Score
3.3
EPSS Score
0.001
Published
2019-11-05
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-05