Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Server Eus
Subscriptions
Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14665 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2024-08-05 | N/A |
| A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | ||||
| CVE-2018-14650 | 2 Redhat, Sos-collector Project | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-08-05 | N/A |
| It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | ||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2024-08-05 | 7.5 High |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | ||||
| CVE-2018-14624 | 3 Debian, Fedoraproject, Redhat | 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more | 2024-08-05 | N/A |
| A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. | ||||
| CVE-2018-14357 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | ||||
| CVE-2018-14354 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | ||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | ||||
| CVE-2018-12405 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | ||||
| CVE-2018-12389 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2024-08-05 | N/A |
| Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. | ||||
| CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | ||||
| CVE-2018-12393 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | ||||
| CVE-2018-12366 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | ||||
| CVE-2018-12390 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | ||||
| CVE-2018-12365 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | ||||
| CVE-2018-12359 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | ||||
| CVE-2018-12379 | 3 Debian, Mozilla, Redhat | 11 Debian Linux, Firefox, Firefox Esr and 8 more | 2024-08-05 | N/A |
| When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | ||||
| CVE-2018-12376 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | ||||
| CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. | ||||
| CVE-2018-12377 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | ||||
| CVE-2018-12397 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-08-05 | N/A |
| A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | ||||