Filtered by vendor Redhat
Subscribe
Total
5607 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18500 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | |||||
| CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 6 Debian Linux, Exiv2, Fedora and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2019-5774 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | |||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | |||||
| CVE-2018-14667 | 1 Redhat | 2 Enterprise Linux, Richfaces | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | |||||
| CVE-2018-18354 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. | |||||
| CVE-2018-3282 | 6 Canonical, Debian, Mariadb and 3 more | 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-8383 | 4 Advancemame, Debian, Fedoraproject and 1 more | 6 Advancecomp, Debian Linux, Fedora and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | |||||
| CVE-2018-19208 | 3 Libwpd Project, Redhat, Suse | 3 Libwpd, Enterprise Linux, Suse Linux Enterprise Server | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. | |||||
| CVE-2018-6092 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2018-6049 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | |||||
| CVE-2016-8609 | 1 Redhat | 1 Keycloak | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | |||||
| CVE-2018-6070 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2018-18520 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | |||||
| CVE-2018-14652 | 2 Debian, Redhat | 5 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | |||||
| CVE-2018-6041 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-5777 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2018-17466 | 4 Canonical, Debian, Google and 1 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2019-2533 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | |||||