Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10913 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2018-10911 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
CVE-2018-10907 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit thi...Show more It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.Show less
CVE-2018-10904 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and...Show more It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.Show less
CVE-2018-14627 1Redhat 1Wildfly Nov 21, 2024 Sep 4, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create...Show more The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>Show less
CVE-2018-16435 4Canonical DebianLittlecms+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Sep 4, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second...Show more Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.Show less
CVE-2018-16402 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Sep 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-14622 4Canonical DebianLibtirpc Project+1 more 8Debian Linux Enterprise LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Aug 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maxim...Show more A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.Show less
CVE-2018-10936 2Postgresql Redhat 2Enterprise Linux Postgresql Jdbc Driver Nov 21, 2024 Aug 30, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition...Show more A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.Show less
CVE-2018-15727 2Grafana Redhat 2Ceph Storage Grafana Nov 21, 2024 Aug 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVE-2018-12828 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Aug 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-12827 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Aug 29, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-12826 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Aug 29, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-12825 2Adobe Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Nov 21, 2024 Aug 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
CVE-2018-12824 2Adobe Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Aug 29, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-16062 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Aug 29, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2017-15429 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-15399 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15398 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
CVE-2017-15396 4Debian GoogleIcu Project+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Aug 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potent...Show more A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Show less

Previous 1...134135136...285 Next