Search
Search Results (66 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16863 | 2 Artifex, Redhat | 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | ||||
| CVE-2018-15746 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-11-21 | 5.5 Medium |
| qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | ||||
| CVE-2017-7525 | 5 Debian, Fasterxml, Netapp and 2 more | 30 Debian Linux, Jackson-databind, Oncommand Balance and 27 more | 2024-11-21 | 9.8 Critical |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | ||||
| CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). | ||||
| CVE-2017-15095 | 5 Debian, Fasterxml, Netapp and 2 more | 31 Debian Linux, Jackson-databind, Oncommand Balance and 28 more | 2024-11-21 | 9.8 Critical |
| A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. | ||||
| CVE-2016-7076 | 2 Redhat, Sudo Project | 2 Enterprise Linux, Sudo | 2024-11-21 | N/A |
| sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. | ||||