Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Desktop
Total 1947 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-14679 5 Cabextract, Cabextract Project, Canonical and 2 more 8 Libmspack, Cabextract, Ubuntu Linux and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
CVE-2018-14665 4 Canonical, Debian, Redhat and 1 more 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more 2024-11-21 7.2 HIGH 6.6 MEDIUM
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVE-2018-14650 2 Redhat, Sos-collector Project 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 3 more 2024-11-21 1.9 LOW 5.9 MEDIUM
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
CVE-2018-14649 1 Redhat 5 Ceph-iscsi-cli, Ceph Storage, Enterprise Linux Desktop and 2 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.
CVE-2018-14647 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
CVE-2018-14646 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
CVE-2018-14638 2 Fedoraproject, Redhat 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-14634 4 Canonical, Linux, Netapp and 1 more 9 Ubuntu Linux, Linux Kernel, Active Iq Performance Analytics Services and 6 more 2024-11-21 7.2 HIGH 7.8 HIGH
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
CVE-2018-14624 3 Debian, Fedoraproject, Redhat 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
CVE-2018-14622 4 Canonical, Debian, Libtirpc Project and 1 more 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
CVE-2018-14599 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVE-2018-14362 5 Canonical, Debian, Mutt and 2 more 10 Ubuntu Linux, Debian Linux, Mutt and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
CVE-2018-14357 5 Canonical, Debian, Mutt and 2 more 10 Ubuntu Linux, Debian Linux, Mutt and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVE-2018-14354 5 Canonical, Debian, Mutt and 2 more 10 Ubuntu Linux, Debian Linux, Mutt and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-13988 4 Canonical, Debian, Freedesktop and 1 more 8 Ubuntu Linux, Debian Linux, Poppler and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
CVE-2018-13785 4 Canonical, Libpng, Oracle and 1 more 7 Ubuntu Linux, Libpng, Jdk and 4 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVE-2018-13405 6 Canonical, Debian, F5 and 3 more 27 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 24 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVE-2018-13033 2 Gnu, Redhat 5 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
CVE-2018-12910 5 Canonical, Debian, Gnome and 2 more 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2018-12828 6 Adobe, Apple, Google and 3 more 10 Flash Player, Mac Os X, Chrome Os and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.