Redhat: >> Enterprise Linux >> 7.0 Security Vulnerabilities
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
CVSS Score
6.8
EPSS Score
0.003
Published
2019-10-14
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
CVSS Score
5.2
EPSS Score
0.004
Published
2019-10-14
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-10-07
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVSS Score
1.6
EPSS Score
0.025
Published
2019-10-03
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
CVSS Score
7.5
EPSS Score
0.022
Published
2019-10-03
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVSS Score
7.0
EPSS Score
0.013
Published
2019-10-03
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVSS Score
7.5
EPSS Score
0.042
Published
2019-10-03
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVSS Score
7.5
EPSS Score
0.028
Published
2019-10-03
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
CVSS Score
7.5
EPSS Score
0.019
Published
2019-10-03
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVSS Score
7.5
EPSS Score
0.138
Published
2019-10-03