CPE Details
Redhat Virtualization 4.2
4.2
2019-05-29
13h31 +00:00
13h31 +00:00
2019-05-29
13h31 +00:00
13h31 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
Informations
Vendor
redhatProduct
virtualizationVersion
4.2Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | 8.8 |
High |
||
| It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. | 6.5 |
Medium |
||
| Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | 5.9 |
Medium |
2025©
tesweb SA
