Filtered by vendor Redhat
Subscribe
Total
5610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||||
| CVE-2018-10894 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. | |||||
| CVE-2018-17464 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2017-3135 | 4 Debian, Isc, Netapp and 1 more | 10 Debian Linux, Bind, Data Ontap Edge and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. | |||||
| CVE-2018-18397 | 3 Canonical, Linux, Redhat | 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | |||||
| CVE-2018-6046 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | |||||
| CVE-2019-5760 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-20699 | 2 Docker, Redhat | 2 Engine, Enterprise Linux Server | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||||
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | |||||
| CVE-2018-17206 | 4 Canonical, Debian, Openvswitch and 1 more | 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. | |||||
| CVE-2018-1000808 | 3 Canonical, Pyopenssl Project, Redhat | 7 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 4 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. | |||||
| CVE-2018-6082 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
| Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | |||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2024-02-28 | 3.5 LOW | 6.6 MEDIUM |
| ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. | |||||
| CVE-2018-5806 | 2 Libraw, Redhat | 4 Libraw, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | |||||
| CVE-2018-16068 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-10883 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2017-2640 | 3 Debian, Pidgin, Redhat | 7 Debian Linux, Pidgin, Enterprise Linux Desktop and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | |||||
| CVE-2018-6175 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||