Filtered by vendor Redhat
Subscriptions
Total
22915 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17459 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | N/A |
| Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2018-17458 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | N/A |
| An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2018-17456 | 4 Canonical, Debian, Git-scm and 1 more | 12 Ubuntu Linux, Debian Linux, Git and 9 more | 2024-11-21 | N/A |
| Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | ||||
| CVE-2018-17419 | 2 Dns Library Project, Redhat | 2 Dns Library, Openshift | 2024-11-21 | 7.5 High |
| An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | ||||
| CVE-2018-17407 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. | ||||
| CVE-2018-17336 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Udisks, Enterprise Linux | 2024-11-21 | N/A |
| UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | ||||
| CVE-2018-17282 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | ||||
| CVE-2018-17246 | 2 Elastic, Redhat | 3 Kibana, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2018-17230 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | ||||
| CVE-2018-17229 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | ||||
| CVE-2018-17206 | 4 Canonical, Debian, Openvswitch and 1 more | 5 Ubuntu Linux, Debian Linux, Openvswitch and 2 more | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. | ||||
| CVE-2018-17205 | 3 Canonical, Openvswitch, Redhat | 4 Ubuntu Linux, Openvswitch, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. | ||||
| CVE-2018-17204 | 4 Canonical, Debian, Openvswitch and 1 more | 5 Ubuntu Linux, Debian Linux, Openvswitch and 2 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. | ||||
| CVE-2018-17199 | 6 Apache, Canonical, Debian and 3 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
| In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | ||||
| CVE-2018-17189 | 7 Apache, Canonical, Debian and 4 more | 14 Http Server, Ubuntu Linux, Debian Linux and 11 more | 2024-11-21 | 5.3 Medium |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | ||||
| CVE-2018-17183 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | ||||
| CVE-2018-17182 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. | ||||
| CVE-2018-17101 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2018-17100 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2018-17095 | 3 Audio File Library Project, Canonical, Redhat | 3 Audio File Library, Ubuntu Linux, Enterprise Linux | 2024-11-21 | 8.8 High |
| An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | ||||