Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-20699 2Docker Redhat 2Engine Enterprise Linux Server Nov 21, 2024 Jan 12, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.g...Show more Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.Show less
CVE-2018-16865 5Canonical DebianOracle+2 more 11Communications Session Border Controller Debian LinuxEnterprise Communications Broker+8 more Nov 21, 2024 Jan 11, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remo...Show more An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.Show less
CVE-2018-16864 5Canonical DebianOracle+2 more 11Communications Session Border Controller Debian LinuxEnterprise Communications Broker+8 more Nov 21, 2024 Jan 11, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacke...Show more An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.Show less
CVE-2018-16866 5Canonical DebianNetapp+2 more 21Active Iq Performance Analytics Services Debian LinuxElement Software+18 more Nov 21, 2024 Jan 11, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 a...Show more An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.Show less
CVE-2019-6133 4Canonical DebianPolkit Project+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Jun 17, 2026 Jan 11, 2019 N/A· v4 6.7 MEDIUM· v3 4.4 MEDIUM· v2 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in...Show more In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.Show less
CVE-2018-20685 9Canonical DebianFujitsu+6 more 22Cloud Backup Debian LinuxElement Software+19 more Dec 17, 2025 Jan 10, 2019 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the...Show more In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.Show less
CVE-2017-1002157 1Redhat 1Modulemd Nov 21, 2024 Jan 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
CVE-2017-1002152 1Redhat 1Bodhi Nov 21, 2024 Jan 10, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
CVE-2018-6179 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on t...Show more Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.Show less
CVE-2018-6178 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Exten...Show more Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.Show less
CVE-2018-6175 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-6174 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-6173 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-6172 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-6170 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-6169 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
CVE-2018-6167 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-6166 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-6165 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2018-6164 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Jun 17, 2026 Jan 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Previous 1...115116117...285 Next