1) Resource exhaustion

EUVDB-ID: #VU20200

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9512

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Resource exhaustion

EUVDB-ID: #VU20201

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9514

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22831

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-0204

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A remote attacker can attacker can gain root-level privileges on the host.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper access control

EUVDB-ID: #VU18668

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0201

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when "getACL()" command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. A remote attacker can gain READ permissions to list ACL.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Input validation error

EUVDB-ID: #VU17781

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-19362

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The disclosed vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists due to fail to block the jboss-common-coreclass from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to perform unauthorized actions on the system, which could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Path traversal

EUVDB-ID: #VU22873

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-1000850

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences when processing POST, PUT or DELETE requests within the addPathParameter() method in RequestBuilder class. A remote attacker can trick the victim to follow a specially crafted URL and gain access to otherwise restricted resources.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Resource management error

EUVDB-ID: #VU20337

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9515

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in HTTP/2 implementation when processing SETTINGS frames. A remote attacker can send a huge amount of  SETTINGS frames to the peer and consume excessive CPU and memory on the system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Resource exhaustion

EUVDB-ID: #VU20199

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9518

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input within the HTTP.sys driver when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Input validation error

EUVDB-ID: #VU22876

Risk: High

CVSSv3.1:

CVE-ID: CVE-2013-7285

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input passed in XML and JSON formats to the Xstream API. A remote attacker can send specially crafted request to the affected application and execute arbitrary code on the target system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Deserialization of untrusted data

EUVDB-ID: #VU9128

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-7525

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.

Successful exploitation of the vulnerability may result in system compromise.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU22825

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-16869

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to improper input validation when processing a whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked"). A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Deserialization of Untrusted Data

EUVDB-ID: #VU22875

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-10173

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed in XML or JSON formats within the xstream API. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Origin validation error

EUVDB-ID: #VU22877

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-14860

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. A remote attacker can use this configuration to conduct phishing attacker and gain access to sensitive information.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Input validation error

EUVDB-ID: #VU17779

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-19361

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The disclosed vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists due to fail to block the openjpa class from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to perform unauthorized actions on the system, which could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Input validation error

EUVDB-ID: #VU17780

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-19360

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The disclosed vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists due to fail to block the axis2-transport-jmsclass from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to perform unauthorized actions on the system, which could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Deserialization of Untrusted Data

EUVDB-ID: #VU19938

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-11307

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the usage of default typing along with a gadget class from iBatis, which allows exfiltration of content. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Improper validation of certificate with host mismatch

EUVDB-ID: #VU14741

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-11775

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

Exploit availability: No

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to the Apache ActiveMQ Client does not validate hostname when using SSL/TLS protocol to connect to the Apache ActiveMQ server. A remote attacker can perform a Man-in-the-Middle (MitM) attack and intercept all traffic between Java client and ActiveMQ server.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Security restrictions bypass

EUVDB-ID: #VU13992

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-8034

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to host name verification when using TLS with the WebSocket client was missing. A remote unauthenticated attacker can bypass security restrictions when using TLS.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Path traversal

EUVDB-ID: #VU15972

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-8009

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

The vulnerability allows a remote attacker to conduct a directory traversal attack on the target system.

The vulnerability exists due to improper validation of files inside an archive file. A remote unauthenticated attacker can trick the victim into extracting a zip file that contains files that use directory traversal characters, cause a malicious file to be created outside the current working directory and cause a denial of service (DoS) condition or execute arbitrary code by overwriting other files on the system.

Successful exploitation of the vulnerability may result in system compromise.

Note: the vulnerability has been dubbed "Zip Slip".

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Deserialization of untrusted data

EUVDB-ID: #VU10257

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-17485

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the FasterXML jackson-databind library due to improper validation of user-input handled by the readValue method of the ObjectMapper object. A remote attacker can send malicious input to the vulnerable method of a web application that uses the Spring library in the application's classpath and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Deserialization of Untrusted Data

EUVDB-ID: #VU22828

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-1131

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data. A local user can pass specially crafted XML or JSON data to a cache configured to accept certain types of objects and execute arbitrary code on the target system with elevated privileges.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) XXE attack

EUVDB-ID: #VU15310

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-11796

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

The vulnerability allows a remote attacker to conduct XXE-attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input and cause a denial of service (DoS) condition.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Deserialization of Untrusted Data

EUVDB-ID: #VU19942

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-12022

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists when Default Typing is enabled and the service has the Jodd-db jar in the classpath. A remote attacker can provide an LDAP service to access and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) XXE attack

EUVDB-ID: #VU17777

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14720

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

The disclosed vulnerability allows a remote attacker to perform XXE attacks.

The vulnerability exists due to fail to block unspecified Java Development Kit (JDK) classes from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input, conduct an XXE attack to access sensitive information, bypass security restrictions, or cause a denial of service (DoS) condition on the targeted system. 

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU17776

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14721

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to fail to block the axis2-jaxws class from polymorphic deserialization. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Input validation error

EUVDB-ID: #VU17778

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-14719

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The disclosed vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to fail to block blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Remote code execution

EUVDB-ID: #VU17053

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-14718

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the failure to block the slf4j-ext class from polymorphic deserialization. A remote attacker can execute arbitrary code with elevated privileges.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Deserialization of Untrusted Data

EUVDB-ID: #VU19943

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-12023

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists when Default Typing is enabled and the service has the Oracle JDBC jar in the classpath. A remote attacker can provide an LDAP service to access and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Remote code execution

EUVDB-ID: #VU9607

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-15095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the jackson-databind development library due to improper implementation of blacklists for input handled by the ObjectMapper object readValue method. A remote unauthenticated attacker can send a malicious input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

Fuse: 7.4.0

• cpe:2.3:a:red_hat:fuse:7.4.0:*:*:*:*:*:*:*

http://access.redhat.com/errata/RHSA-2019:3892

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?