Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18337 3Debian GoogleRedhat 5Chrome Debian LinuxLinux Desktop+2 more Nov 21, 2024 Dec 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-18336 3Debian GoogleRedhat 5Chrome Debian LinuxLinux Desktop+2 more Nov 21, 2024 Dec 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-18335 4Debian GoogleOpensuse+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Dec 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-17481 3Debian GoogleRedhat 5Chrome Debian LinuxLinux Desktop+2 more Nov 21, 2024 Dec 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-17480 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Oct 24, 2025 Dec 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a...Show more Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.Show less
CVE-2018-1000866 2Jenkins Redhat 2Openshift Container Platform Pipeline\ Nov 21, 2024 Dec 10, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/...Show more A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVMShow less
CVE-2018-1000865 2Jenkins Redhat 2Openshift Container Platform Script Security Nov 21, 2024 Dec 10, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to e...Show more A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.Show less
CVE-2018-1000864 2Jenkins Redhat 2Jenkins Openshift Container Platform Nov 21, 2024 Dec 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
CVE-2018-1000863 2Jenkins Redhat 2Jenkins Openshift Container Platform Nov 21, 2024 Dec 10, 2018 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user...Show more A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.Show less
CVE-2018-1000862 2Jenkins Redhat 2Jenkins Openshift Container Platform Nov 21, 2024 Dec 10, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system...Show more An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.Show less
CVE-2018-1000861 2Jenkins Redhat 2Jenkins Openshift Container Platform Nov 5, 2025 Dec 10, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invo...Show more A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.Show less
CVE-2018-5806 2Libraw Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Jun 17, 2026 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5805 2Libraw Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Jun 17, 2026 Dec 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5802 4Canonical DebianLibraw+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Dec 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subseque...Show more An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.Show less
CVE-2018-5801 4Canonical DebianLibraw+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5800 4Canonical DebianLibraw+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a cras...Show more An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.Show less
CVE-2018-18314 5Canonical DebianNetapp+2 more 8Debian Linux E Series Santricity Os ControllerEnterprise Linux+5 more Nov 21, 2024 Dec 7, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18313 6Apple CanonicalDebian+3 more 9Debian Linux E Series Santricity Os ControllerEnterprise Linux+6 more Nov 21, 2024 Dec 7, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18311 8Apple CanonicalDebian+5 more 18Debian Linux E Series Santricity Os ControllerEnterprise Linux+15 more Nov 21, 2024 Dec 7, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-9568 4Canonical GoogleLinux+1 more 9Android Enterprise Linux DesktopEnterprise Linux Server+6 more Jun 17, 2026 Dec 6, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...Show more In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.Show less

Previous 1...121122123...285 Next