Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Server Eus Subscriptions
Total 625 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-8786 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
CVE-2018-7858 4 Canonical, Opensuse, Qemu and 1 more 11 Ubuntu Linux, Leap, Qemu and 8 more 2024-11-21 5.5 Medium
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
CVE-2018-7750 3 Debian, Paramiko, Redhat 18 Debian Linux, Paramiko, Ansible Engine and 15 more 2024-11-21 9.8 Critical
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-7566 6 Canonical, Debian, Linux and 3 more 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more 2024-11-21 N/A
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-7550 4 Canonical, Debian, Qemu and 1 more 11 Ubuntu Linux, Debian Linux, Qemu and 8 more 2024-11-21 8.8 High
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018-7225 4 Canonical, Debian, Libvncserver Project and 1 more 10 Ubuntu Linux, Debian Linux, Libvncserver and 7 more 2024-11-21 N/A
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2018-6927 4 Canonical, Debian, Linux and 1 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2024-11-21 N/A
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2018-6871 4 Canonical, Debian, Libreoffice and 1 more 10 Ubuntu Linux, Debian Linux, Libreoffice and 7 more 2024-11-21 N/A
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
CVE-2018-6574 3 Debian, Golang, Redhat 8 Debian Linux, Go, Devtools and 5 more 2024-11-21 N/A
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
CVE-2018-6560 2 Flatpak, Redhat 8 Flatpak, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
CVE-2018-5950 4 Canonical, Debian, Gnu and 1 more 10 Ubuntu Linux, Debian Linux, Mailman and 7 more 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
CVE-2018-5750 4 Canonical, Debian, Linux and 1 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2024-11-21 N/A
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-5748 2 Debian, Redhat 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 N/A
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2018-5740 7 Canonical, Debian, Hp and 4 more 12 Ubuntu Linux, Debian Linux, Hp-ux and 9 more 2024-11-21 7.5 High
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
CVE-2018-5733 4 Canonical, Debian, Isc and 1 more 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more 2024-11-21 7.5 High
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CVE-2018-5683 4 Canonical, Debian, Qemu and 1 more 11 Ubuntu Linux, Debian Linux, Qemu and 8 more 2024-11-21 6.0 Medium
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2018-5407 7 Canonical, Debian, Nodejs and 4 more 23 Ubuntu Linux, Debian Linux, Node.js and 20 more 2024-11-21 4.7 Medium
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 80 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 77 more 2024-11-21 7.5 High
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2018-5390 8 A10networks, Canonical, Cisco and 5 more 47 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 44 more 2024-11-21 7.5 High
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-5379 5 Canonical, Debian, Quagga and 2 more 11 Ubuntu Linux, Debian Linux, Quagga and 8 more 2024-11-21 N/A
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.