Filtered by vendor Redhat
Subscribe
Total
5611 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10931 | 2 Cobbler Project, Redhat | 2 Cobbler, Satellite | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. | |||||
CVE-2018-6052 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | |||||
CVE-2016-7070 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. | |||||
CVE-2018-6069 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2018-3830 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
CVE-2017-15415 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | |||||
CVE-2018-6170 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
CVE-2019-5778 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. | |||||
CVE-2018-12374 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. | |||||
CVE-2018-16859 | 1 Redhat | 1 Ansible Engine | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. | |||||
CVE-2018-16088 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. | |||||
CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | |||||
CVE-2019-5782 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2016-8653 | 1 Redhat | 2 Jboss A-mq, Jboss Fuse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. | |||||
CVE-2018-16884 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-02-28 | 6.7 MEDIUM | 8.0 HIGH |
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. | |||||
CVE-2019-7664 | 2 Elfutils Project, Redhat | 8 Elfutils, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | |||||
CVE-2018-17462 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. | |||||
CVE-2018-6063 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | |||||
CVE-2017-2621 | 2 Openstack, Redhat | 2 Heat, Openstack | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. | |||||
CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. |