Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13612 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-08-05 | 7.5 High |
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | ||||
CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-08-05 | 9.1 Critical |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||||
CVE-2018-25011 | 2 Redhat, Webmproject | 4 Enterprise Linux, Rhel Eus, Rhmt and 1 more | 2024-08-05 | 9.8 Critical |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||||
CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-08-05 | 9.1 Critical |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||||
CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-08-05 | 9.1 Critical |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||||
CVE-2018-21035 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-08-05 | 7.5 High |
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
CVE-2018-21009 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-08-05 | N/A |
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | ||||
CVE-2018-20969 | 2 Gnu, Redhat | 6 Patch, Enterprise Linux, Rhel Aus and 3 more | 2024-08-05 | N/A |
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | ||||
CVE-2018-20534 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Libsolv, Enterprise Linux | 2024-08-05 | N/A |
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application | ||||
CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-08-05 | N/A |
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||
CVE-2018-20856 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-08-05 | N/A |
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||||
CVE-2018-20847 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-08-05 | 8.8 High |
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | ||||
CVE-2018-20845 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2024-08-05 | 6.5 Medium |
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
CVE-2018-20843 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-05 | 7.5 High |
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | ||||
CVE-2018-20783 | 3 Opensuse, Php, Redhat | 4 Leap, Php, Enterprise Linux and 1 more | 2024-08-05 | N/A |
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. | ||||
CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | ||||
CVE-2018-20836 | 7 Canonical, Debian, F5 and 4 more | 16 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 13 more | 2024-08-05 | 8.1 High |
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | ||||
CVE-2018-20815 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-08-05 | N/A |
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | ||||
CVE-2018-20676 | 2 Getbootstrap, Redhat | 8 Bootstrap, Ceph Storage, Enterprise Linux and 5 more | 2024-08-05 | N/A |
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | ||||
CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-08-05 | 6.5 Medium |
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. |