Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Workstation Subscriptions
Total 1849 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-16876 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Ansible and 7 more 2024-11-21 5.3 Medium
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2018-16871 3 Linux, Netapp, Redhat 31 Linux Kernel, Cloud Backup, H300e and 28 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVE-2018-16866 5 Canonical, Debian, Netapp and 2 more 26 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 23 more 2024-11-21 3.3 Low
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
CVE-2018-16865 5 Canonical, Debian, Oracle and 2 more 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more 2024-11-21 7.8 High
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
CVE-2018-16864 5 Canonical, Debian, Oracle and 2 more 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more 2024-11-21 7.8 High
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
CVE-2018-16863 2 Artifex, Redhat 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
CVE-2018-16802 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 N/A
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
CVE-2018-16542 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 N/A
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
CVE-2018-16541 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 N/A
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-16540 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
CVE-2018-16539 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 N/A
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
CVE-2018-16511 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 N/A
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
CVE-2018-16509 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more 2024-11-21 N/A
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVE-2018-16435 4 Canonical, Debian, Littlecms and 1 more 7 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 4 more 2024-11-21 N/A
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 10 Ubuntu Linux, Debian Linux, Elfutils and 7 more 2024-11-21 9.8 Critical
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16088 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 N/A
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
CVE-2018-16084 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 N/A
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
CVE-2018-16083 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 N/A
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-16082 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 N/A
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2018-16081 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 N/A
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.