Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2579 | 6 Canonical, Debian, Hp and 3 more | 20 Ubuntu Linux, Debian Linux, Xp7 Command View and 17 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2018-2562 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2024-11-21 | 7.1 High |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | ||||
| CVE-2018-25091 | 2 Python, Redhat | 2 Urllib3, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | ||||
| CVE-2018-25014 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.8 Critical |
| A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | ||||
| CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||||
| CVE-2018-25011 | 2 Redhat, Webmproject | 4 Enterprise Linux, Rhel Eus, Rhmt and 1 more | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||||
| CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||||
| CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | ||||
| CVE-2018-21035 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
| CVE-2018-21009 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-11-21 | N/A |
| Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | ||||
| CVE-2018-20969 | 2 Gnu, Redhat | 6 Patch, Enterprise Linux, Rhel Aus and 3 more | 2024-11-21 | N/A |
| do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | ||||
| CVE-2018-20856 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||||
| CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||
| CVE-2018-20847 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-11-21 | 8.8 High |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | ||||
| CVE-2018-20845 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2024-11-21 | 6.5 Medium |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
| CVE-2018-20836 | 7 Canonical, Debian, F5 and 4 more | 16 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 13 more | 2024-11-21 | 8.1 High |
| An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | ||||
| CVE-2018-20815 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-11-21 | N/A |
| In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | ||||
| CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | ||||