Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-6086 3Debian GoogleRedhat 5Chrome Debian LinuxLinux Desktop+2 more Jun 17, 2026 Dec 4, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-6085 3Debian GoogleRedhat 5Chrome Debian LinuxLinux Desktop+2 more Jun 17, 2026 Dec 4, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-16863 2Artifex Redhat 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 more Nov 21, 2024 Dec 3, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a...Show more It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.Show less
CVE-2018-16476 2Redhat Rubyonrails 2Cloudforms Rails Nov 21, 2024 Nov 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they shoul...Show more A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.Show less
CVE-2018-14637 1Redhat 1Keycloak Nov 21, 2024 Nov 30, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
CVE-2018-15981 2Adobe Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Nov 29, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15978 2Adobe Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Nov 29, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-8787 4Canonical DebianFreerdp+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more Jun 17, 2026 Nov 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8786 5Canonical DebianFedoraproject+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Jun 17, 2026 Nov 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code exec...Show more FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.Show less
CVE-2018-16859 1Redhat 1Ansible Engine Nov 21, 2024 Nov 29, 2018 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator pri...Show more Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.Show less
CVE-2018-12121 2Nodejs Redhat 8Enterprise Linux Enterprise Linux DesktopEnterprise Linux Eus+5 more Dec 27, 2024 Nov 28, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and...Show more Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.Show less
CVE-2018-16862 4Canonical DebianLinux+1 more 4Debian Linux Enterprise LinuxLinux Kernel+1 more Nov 21, 2024 Nov 26, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cle...Show more A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.Show less
CVE-2018-14646 2Linux Redhat 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 more Nov 21, 2024 Nov 26, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net na...Show more The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.Show less
CVE-2018-19535 4Canonical DebianExiv2+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Nov 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
CVE-2018-19477 4Artifex CanonicalDebian+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE-2018-19476 4Artifex CanonicalDebian+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-19475 4Artifex CanonicalDebian+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVE-2018-19409 4Artifex CanonicalDebian+1 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Nov 21, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-16396 4Canonical DebianRedhat+1 more 4Debian Linux Enterprise LinuxRuby+1 more Nov 21, 2024 Nov 16, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16395 4Canonical DebianRedhat+1 more 5Debian Linux Enterprise LinuxOpenssl+2 more Nov 21, 2024 Nov 16, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the o...Show more An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.Show less

Previous 1...123124125...285 Next