Filtered by vendor Redhat
Subscriptions
Total
22776 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15981 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-15978 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-15967 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more | 2024-11-21 | N/A |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | ||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 10 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 7 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | ||||
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more | 2024-11-21 | N/A |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | ||||
| CVE-2018-15908 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
| In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | ||||
| CVE-2018-15864 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | ||||
| CVE-2018-15863 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | ||||
| CVE-2018-15862 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | ||||
| CVE-2018-15861 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | ||||
| CVE-2018-15859 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | ||||
| CVE-2018-15857 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | ||||
| CVE-2018-15856 | 3 Canonical, Redhat, Xkbcommon | 3 Ubuntu Linux, Enterprise Linux, Xkbcommon | 2024-11-21 | N/A |
| An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | ||||
| CVE-2018-15855 | 3 Canonical, Redhat, Xkbcommon Project | 3 Ubuntu Linux, Enterprise Linux, Xkbcommon | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | ||||
| CVE-2018-15854 | 3 Canonical, Redhat, Xkbcommon Project | 3 Ubuntu Linux, Enterprise Linux, Xkbcommon | 2024-11-21 | N/A |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | ||||
| CVE-2018-15853 | 3 Canonical, Redhat, Xkbcommon | 4 Ubuntu Linux, Enterprise Linux, Libxkbcommon and 1 more | 2024-11-21 | N/A |
| Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | ||||
| CVE-2018-15758 | 2 Pivotal Software, Redhat | 2 Spring Security Oauth, Jboss Fuse | 2024-11-21 | N/A |
| Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). | ||||
| CVE-2018-15756 | 4 Debian, Oracle, Redhat and 1 more | 42 Debian Linux, Agile Plm, Communications Brm - Elastic Charging Engine and 39 more | 2024-11-21 | 7.5 High |
| Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. | ||||
| CVE-2018-15746 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-11-21 | 5.5 Medium |
| qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | ||||