Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11218 4Debian OracleRedhat+1 more 4Communications Operations Monitor Debian LinuxOpenstack+1 more Nov 21, 2024 Jun 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVE-2018-1085 1Redhat 1Openshift Container Platform Nov 21, 2024 Jun 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER...Show more openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.Show less
CVE-2018-0495 5Canonical DebianGnupg+2 more 8Ansible Tower Debian LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Jun 13, 2018 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign functi...Show more Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.Show less
CVE-2018-10850 3Debian FedoraprojectRedhat 9389 Directory Server Debian LinuxEnterprise Linux+6 more Nov 21, 2024 Jun 13, 2018 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this fla...Show more 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.Show less
CVE-2018-11806 4Canonical DebianQemu+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Nov 21, 2024 Jun 13, 2018 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-5848 3Debian GoogleRedhat 6Android Debian LinuxEnterprise Linux Desktop+3 more Jun 17, 2026 Jun 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CA...Show more In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.Show less
CVE-2018-5803 3Debian LinuxRedhat 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Jun 12, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cau...Show more In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.Show less
CVE-2018-1103 1Redhat 1Source To Image Nov 21, 2024 Jun 12, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could overrid...Show more Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.Show less
CVE-2018-1070 1Redhat 1Openshift Container Platform Nov 21, 2024 Jun 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a...Show more routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.Show less
CVE-2018-5185 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Jun 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more Nov 21, 2024 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbi...Show more Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.Show less
CVE-2018-5178 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 25, 2025 Jun 11, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to o...Show more A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.Show less
CVE-2018-5170 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Jun 11, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affec...Show more It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.Show less
CVE-2018-5168 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 25, 2025 Jun 11, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction whi...Show more Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5162 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5161 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 21, 2024 Jun 11, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5159 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash trig...Show more An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5158 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 25, 2025 Jun 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF view...Show more The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.Show less
CVE-2018-5157 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 25, 2025 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated...Show more Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.Show less

Previous 1...146147148...285 Next