Enterprise Linux Desktop

enterprise_linux_desktop

Vendor: Redhat • 1,928 CVEs

CVEs (1,928)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10120 4Canonical DebianLibreoffice+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Apr 16, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of ser...Show more The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.Show less
CVE-2018-10119 4Canonical DebianLibreoffice+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Apr 16, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-fre...Show more sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.Show less
CVE-2018-1100 3Canonical RedhatZsh 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Apr 11, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
CVE-2018-1000156 4Canonical DebianGnu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Apr 14, 2025 Apr 6, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via...Show more GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.Show less
CVE-2018-4117 5Apple CanonicalDebian+2 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Apr 3, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is...Show more An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.Show less
CVE-2017-7000 4Apple ChromiumDebian+1 more 7Chromium Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Apr 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause...Show more An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.Show less
CVE-2018-1094 3Canonical LinuxRedhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Apr 2, 2018 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL p...Show more The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.Show less
CVE-2018-7566 6Canonical DebianLinux+3 more 12Communications Eagle Application Processor Debian LinuxEnterprise Linux Desktop+9 more Nov 21, 2024 Mar 30, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-1083 4Canonical DebianRedhat+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Mar 28, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the con...Show more Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.Show less
CVE-2018-1312 5Apache CanonicalDebian+2 more 13Cloud Backup Clustered Data OntapDebian Linux+10 more Nov 21, 2024 Mar 26, 2018 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a co...Show more In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.Show less
CVE-2018-8976 3Debian Exiv2Redhat 5Debian Linux Enterprise Linux DesktopEnterprise Linux Server+2 more Nov 21, 2024 Mar 25, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
CVE-2018-1000140 4Canonical DebianRedhat+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Mar 23, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote...Show more rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.Show less
CVE-2018-8945 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Mar 22, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a l...Show more The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.Show less
CVE-2018-8905 4Canonical DebianLibtiff+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Mar 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-8088 3Oracle QosRedhat 13Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+10 more Nov 21, 2024 Mar 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has b...Show more org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.Show less
CVE-2018-1068 4Canonical DebianLinux+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Mar 16, 2018 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-1000122 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
CVE-2018-1000121 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-1000120 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-7750 3Debian ParamikoRedhat 11Ansible Engine CloudformsDebian Linux+8 more Nov 21, 2024 Mar 13, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly chec...Show more transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.Show less

Previous 1...424344...97 Next