Enterprise Linux Server

enterprise_linux_server

Vendor: Redhat • 1,891 CVEs

CVEs (1,891)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7725 3Canonical GdraheimRedhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Jul 10, 2025 Mar 6, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
CVE-2018-7643 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Mar 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF...Show more The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.Show less
CVE-2018-7642 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Mar 2, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NU...Show more The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.Show less
CVE-2017-15134 2Fedoraproject Redhat 5389 Directory Server Enterprise LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Mar 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentiall...Show more A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.Show less
CVE-2018-7550 4Canonical DebianQemu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Mar 1, 2018 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which trig...Show more The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.Show less
CVE-2018-7569 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Feb 28, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an E...Show more dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.Show less
CVE-2018-7568 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Feb 28, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application cra...Show more The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.Show less
CVE-2018-7549 3Canonical RedhatZsh 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2018-6764 3Canonical DebianRedhat 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a craf...Show more util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.Show less
CVE-2018-7225 4Canonical DebianLibvncserver Project+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspe...Show more An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.Show less
CVE-2018-5379 5Canonical DebianQuagga+2 more 9Debian Linux Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of s...Show more The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.Show less
CVE-2018-7208 2Gnu Redhat 4Binutils Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Feb 18, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial o...Show more In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.Show less
CVE-2018-1049 4Canonical DebianRedhat+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Aus+8 more Nov 21, 2024 Feb 16, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes tha...Show more In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.Show less
CVE-2018-6927 4Canonical DebianLinux+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Feb 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wak...Show more The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.Show less
CVE-2018-1000026 4Canonical DebianLinux+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Feb 9, 2018 N/A· v4 7.7 HIGH· v3 6.8 MEDIUM· v2 Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes car...Show more Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..Show less
CVE-2018-6871 4Canonical DebianLibreoffice+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Feb 9, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
CVE-2018-6574 3Debian GolangRedhat 6Debian Linux Enterprise Linux ServerEnterprise Linux Server Aus+3 more Nov 21, 2024 Feb 7, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -p...Show more Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.Show less
CVE-2018-4878 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 18, 2025 Feb 6, 2018 N/A· v4 7.8 HIGH· v3 7.5 HIGH· v2 A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A succ...Show more A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.Show less
CVE-2018-4877 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality....Show more A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.Show less
CVE-2018-6560 2Flatpak Redhat 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 more Nov 21, 2024 Feb 2, 2018 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not ident...Show more In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.Show less

Previous 1...464748...95 Next