Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15245 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000876 | 3 Canonical, Gnu, Redhat | 7 Ubuntu Linux, Binutils, Ansible Tower and 4 more | 2024-11-21 | 7.8 High |
| binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. | ||||
| CVE-2018-1000858 | 3 Canonical, Gnupg, Redhat | 3 Ubuntu Linux, Gnupg, Enterprise Linux | 2024-11-21 | N/A |
| GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. | ||||
| CVE-2018-1000852 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2024-11-21 | 6.5 Medium |
| FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. | ||||
| CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 15 Ubuntu Linux, Debian Linux, Paramiko and 12 more | 2024-11-21 | 8.8 High |
| Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2018-1000801 | 3 Debian, Kde, Redhat | 3 Debian Linux, Okular, Enterprise Linux | 2024-11-21 | N/A |
| okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | ||||
| CVE-2018-1000632 | 5 Debian, Dom4j Project, Netapp and 2 more | 17 Debian Linux, Dom4j, Oncommand Workflow Automation and 14 more | 2024-11-21 | 7.5 High |
| dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. | ||||
| CVE-2018-1000301 | 5 Canonical, Debian, Haxx and 2 more | 15 Ubuntu Linux, Debian Linux, Curl and 12 more | 2024-11-21 | N/A |
| curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. | ||||
| CVE-2018-1000204 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | N/A |
| Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit. | ||||
| CVE-2018-1000200 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked). | ||||
| CVE-2018-1000199 | 4 Canonical, Debian, Linux and 1 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-11-21 | N/A |
| The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | ||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 14 Ubuntu Linux, Debian Linux, Enterprise Linux and 11 more | 2024-11-21 | N/A |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | ||||
| CVE-2018-1000135 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Networkmanager, Enterprise Linux | 2024-11-21 | N/A |
| GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. | ||||
| CVE-2018-1000132 | 3 Debian, Mercurial, Redhat | 3 Debian Linux, Mercurial, Enterprise Linux | 2024-11-21 | N/A |
| Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. | ||||
| CVE-2018-1000122 | 5 Canonical, Debian, Haxx and 2 more | 16 Ubuntu Linux, Debian Linux, Curl and 13 more | 2024-11-21 | N/A |
| A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage | ||||
| CVE-2018-1000121 | 5 Canonical, Debian, Haxx and 2 more | 16 Ubuntu Linux, Debian Linux, Curl and 13 more | 2024-11-21 | N/A |
| A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service | ||||
| CVE-2018-1000120 | 5 Canonical, Debian, Haxx and 2 more | 16 Ubuntu Linux, Debian Linux, Curl and 13 more | 2024-11-21 | N/A |
| A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | ||||
| CVE-2018-1000119 | 2 Redhat, Sinatrarb | 4 Enterprise Linux, Satellite, Satellite Capsule and 1 more | 2024-11-21 | N/A |
| Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. | ||||
| CVE-2018-1000116 | 3 Debian, Net-snmp, Redhat | 3 Debian Linux, Net-snmp, Enterprise Linux | 2024-11-21 | N/A |
| NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | ||||
| CVE-2018-1000079 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-1000078 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. | ||||