Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Desktop Subscriptions
Total 1947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1087 4 Canonical, Debian, Linux and 1 more 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more 2024-11-21 N/A
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
CVE-2018-1083 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Enterprise Linux and 4 more 2024-11-21 N/A
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
CVE-2018-1071 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Enterprise Linux and 4 more 2024-11-21 5.5 Medium
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
CVE-2018-1068 4 Canonical, Debian, Linux and 1 more 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more 2024-11-21 6.7 Medium
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-1061 5 Canonical, Debian, Fedoraproject and 2 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 N/A
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1060 5 Canonical, Debian, Fedoraproject and 2 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 7.5 High
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1054 2 Fedoraproject, Redhat 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-11-21 N/A
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
CVE-2018-1050 4 Canonical, Debian, Redhat and 1 more 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2024-11-21 4.3 Medium
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
CVE-2018-1049 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2024-11-21 5.9 Medium
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
CVE-2018-19535 4 Canonical, Debian, Exiv2 and 1 more 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more 2024-11-21 6.5 Medium
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
CVE-2018-19477 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE-2018-19476 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-19475 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 N/A
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19134 3 Artifex, Debian, Redhat 8 Ghostscript, Debian Linux, Enterprise Linux and 5 more 2024-11-21 N/A
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
CVE-2018-19108 4 Canonical, Debian, Exiv2 and 1 more 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more 2024-11-21 6.5 Medium
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
CVE-2018-19107 4 Canonical, Debian, Exiv2 and 1 more 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more 2024-11-21 6.5 Medium
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVE-2018-19058 4 Canonical, Debian, Freedesktop and 1 more 7 Ubuntu Linux, Debian Linux, Poppler and 4 more 2024-11-21 6.5 Medium
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-19039 3 Grafana, Netapp, Redhat 7 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 4 more 2024-11-21 N/A
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
CVE-2018-18897 4 Canonical, Debian, Freedesktop and 1 more 10 Ubuntu Linux, Debian Linux, Poppler and 7 more 2024-11-21 6.5 Medium
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.