Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15083 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 10 Glibc, Data Ontap Edge, Element Software Management and 7 more | 2024-11-21 | N/A |
| stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | ||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 10 Ubuntu Linux, Debian Linux, Git and 7 more | 2024-11-21 | N/A |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | ||||
| CVE-2018-11214 | 4 Canonical, Debian, Ijg and 1 more | 4 Ubuntu Linux, Debian Linux, Libjpeg and 1 more | 2024-11-21 | N/A |
| An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||||
| CVE-2018-11213 | 4 Canonical, Debian, Ijg and 1 more | 4 Ubuntu Linux, Debian Linux, Libjpeg and 1 more | 2024-11-21 | N/A |
| An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||||
| CVE-2018-11212 | 7 Canonical, Debian, Ijg and 4 more | 16 Ubuntu Linux, Debian Linux, Libjpeg and 13 more | 2024-11-21 | N/A |
| An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. | ||||
| CVE-2018-11053 | 4 Citrix, Dell, Redhat and 1 more | 4 Xenserver, Emc Idrac Service Module, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. | ||||
| CVE-2018-11037 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | ||||
| CVE-2018-10999 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. | ||||
| CVE-2018-10998 | 4 Canonical, Debian, Exiv2 and 1 more | 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | ||||
| CVE-2018-10963 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | ||||
| CVE-2018-10958 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | N/A |
| In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | ||||
| CVE-2018-10940 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | ||||
| CVE-2018-10936 | 2 Postgresql, Redhat | 2 Postgresql Jdbc Driver, Enterprise Linux | 2024-11-21 | N/A |
| A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. | ||||
| CVE-2018-10935 | 1 Redhat | 2 389 Directory Server, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. | ||||
| CVE-2018-10933 | 6 Canonical, Debian, Libssh and 3 more | 10 Ubuntu Linux, Debian Linux, Libssh and 7 more | 2024-11-21 | N/A |
| A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. | ||||
| CVE-2018-10932 | 2 Intel, Redhat | 2 Lldptool, Enterprise Linux | 2024-11-21 | N/A |
| lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. | ||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 8 Debian Linux, Glusterfs, Leap and 5 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | ||||
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10928 | 4 Debian, Gluster, Opensuse and 1 more | 8 Debian Linux, Glusterfs, Leap and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.1 High |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | ||||