Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13604 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14434 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-08-05 | N/A |
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | ||||
CVE-2018-14437 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-08-05 | N/A |
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | ||||
CVE-2018-14357 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | ||||
CVE-2018-14354 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | ||||
CVE-2018-14368 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. | ||||
CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | ||||
CVE-2018-14355 | 5 Canonical, Debian, Mutt and 2 more | 5 Ubuntu Linux, Debian Linux, Mutt and 2 more | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | ||||
CVE-2018-14348 | 4 Debian, Fedoraproject, Libcgroup Project and 1 more | 4 Debian Linux, Fedora, Libcgroup and 1 more | 2024-08-05 | N/A |
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | ||||
CVE-2018-14340 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. | ||||
CVE-2018-14341 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | ||||
CVE-2018-14040 | 3 Debian, Getbootstrap, Redhat | 6 Debian Linux, Bootstrap, Enterprise Linux and 3 more | 2024-08-05 | N/A |
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | ||||
CVE-2018-14042 | 2 Getbootstrap, Redhat | 6 Bootstrap, Enterprise Linux, Jboss Enterprise Application Platform and 3 more | 2024-08-05 | N/A |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | ||||
CVE-2018-14046 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. | ||||
CVE-2018-14036 | 2 Freedesktop, Redhat | 2 Accountsservice, Enterprise Linux | 2024-08-05 | N/A |
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. | ||||
CVE-2018-13988 | 4 Canonical, Debian, Freedesktop and 1 more | 9 Ubuntu Linux, Debian Linux, Poppler and 6 more | 2024-08-05 | N/A |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. | ||||
CVE-2018-13796 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-08-05 | N/A |
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. | ||||
CVE-2018-13440 | 3 Audio File Library Project, Canonical, Redhat | 3 Audio File Library, Ubuntu Linux, Enterprise Linux | 2024-08-05 | N/A |
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. | ||||
CVE-2018-13405 | 6 Canonical, Debian, F5 and 3 more | 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more | 2024-08-05 | 7.8 High |
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. | ||||
CVE-2018-13346 | 2 Mercurial, Redhat | 2 Mercurial, Enterprise Linux | 2024-08-05 | N/A |
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | ||||
CVE-2018-13347 | 2 Mercurial, Redhat | 2 Mercurial, Enterprise Linux | 2024-08-05 | N/A |
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. |