Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Desktop
Total 1947 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5800 4 Canonical, Debian, Libraw and 1 more 6 Ubuntu Linux, Debian Linux, Libraw and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5750 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-5748 2 Debian, Redhat 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2018-5740 7 Canonical, Debian, Hp and 4 more 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
CVE-2018-5733 4 Canonical, Debian, Isc and 1 more 8 Ubuntu Linux, Debian Linux, Dhcp and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CVE-2018-5730 4 Debian, Fedoraproject, Mit and 1 more 6 Debian Linux, Fedora, Kerberos 5 and 3 more 2024-11-21 5.5 MEDIUM 3.8 LOW
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
CVE-2018-5729 4 Debian, Fedoraproject, Mit and 1 more 6 Debian Linux, Fedora, Kerberos 5 and 3 more 2024-11-21 6.5 MEDIUM 4.7 MEDIUM
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
CVE-2018-5683 4 Canonical, Debian, Qemu and 1 more 9 Ubuntu Linux, Debian Linux, Qemu and 6 more 2024-11-21 2.1 LOW 6.0 MEDIUM
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2018-5407 7 Canonical, Debian, Nodejs and 4 more 20 Ubuntu Linux, Debian Linux, Node.js and 17 more 2024-11-21 1.9 LOW 4.7 MEDIUM
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more 2024-11-21 7.8 HIGH 7.5 HIGH
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2018-5390 8 A10networks, Canonical, Cisco and 5 more 40 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 37 more 2024-11-21 7.8 HIGH 7.5 HIGH
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-5345 5 Canonical, Debian, Fedoraproject and 2 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2018-5344 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVE-2018-5188 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVE-2018-5185 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2018-5178 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2018-5170 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5168 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.