Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9600 3Canonical Jasper ProjectRedhat 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+5 more Nov 21, 2024 Mar 12, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9589 1Redhat 1Jboss Wildfly Application Server Nov 21, 2024 Mar 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that th...Show more Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.Show less
CVE-2016-8629 1Redhat 2Keycloak Single Sign On Nov 21, 2024 Mar 12, 2018 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw...Show more Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.Show less
CVE-2016-5314 4Debian LibtiffOpensuse+1 more 5Debian Linux Enterprise LinuxLeap+2 more Nov 21, 2024 Mar 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a craft...Show more Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.Show less
CVE-2014-8130 3Apple LibtiffRedhat 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Mar 12, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that i...Show more The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.Show less
CVE-2014-8129 4Apple DebianLibtiff+1 more 8Debian Linux Enterprise Linux ServerEnterprise Linux Server Aus+5 more Nov 21, 2024 Mar 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the Bit...Show more LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.Show less
CVE-2018-7536 4Canonical DebianDjangoproject+1 more 4Debian Linux DjangoOpenstack+1 more Jun 17, 2026 Mar 9, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulne...Show more An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.Show less
CVE-2016-9606 1Redhat 1Resteasy Nov 21, 2024 Mar 9, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy...Show more JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.Show less
CVE-2016-9591 3Debian Jasper ProjectRedhat 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Mar 9, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2016-8612 3Apache NetappRedhat 3Enterprise Linux Http ServerStorage Automation Store Nov 21, 2024 Mar 9, 2018 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2018-1071 4Canonical DebianRedhat+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Mar 9, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
CVE-2016-9585 1Redhat 1Jboss Enterprise Application Platform Nov 21, 2024 Mar 9, 2018 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of s...Show more Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.Show less
CVE-2018-1069 1Redhat 1Openshift Nov 21, 2024 Mar 9, 2018 N/A· v4 7.1 HIGH· v3 5.4 MEDIUM· v2 Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on t...Show more Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.Show less
CVE-2017-12174 2Apache Redhat 4Activemq Artemis ArtemisHornetq+1 more Jun 15, 2026 Mar 7, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memor...Show more It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.Show less
CVE-2018-1054 2Fedoraproject Redhat 4389 Directory Server Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Mar 7, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make n...Show more An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.Show less
CVE-2018-7740 4Canonical DebianLinux+1 more 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Jun 17, 2026 Mar 7, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument...Show more The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.Show less
CVE-2018-5730 4Debian FedoraprojectMit+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Mar 6, 2018 N/A· v4 3.8 LOW· v3 5.5 MEDIUM· v2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument,...Show more MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.Show less
CVE-2018-5729 4Debian FedoraprojectMit+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Jun 17, 2026 Mar 6, 2018 N/A· v4 4.7 MEDIUM· v3 6.5 MEDIUM· v2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagg...Show more MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.Show less
CVE-2018-7727 2Gdraheim Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Jun 17, 2026 Mar 6, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
CVE-2018-7726 3Canonical GdraheimRedhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Jun 17, 2026 Mar 6, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip fil...Show more An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.Show less

Previous 1...160161162...285 Next