Filtered by vendor Redhat
Subscribe
Total
5665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25014 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | |||||
| CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | |||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | |||||
| CVE-2018-25011 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |||||
| CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | |||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | |||||
| CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | |||||
| CVE-2018-20699 | 2 Docker, Redhat | 2 Engine, Enterprise Linux Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||||
| CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | |||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | |||||
| CVE-2018-20615 | 4 Canonical, Haproxy, Opensuse and 1 more | 5 Ubuntu Linux, Haproxy, Leap and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | |||||
| CVE-2018-20346 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | |||||
| CVE-2018-20103 | 3 Canonical, Haproxy, Redhat | 3 Ubuntu Linux, Haproxy, Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. | |||||
| CVE-2018-20102 | 3 Canonical, Haproxy, Redhat | 3 Ubuntu Linux, Haproxy, Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. | |||||
| CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 6 Debian Linux, Exiv2, Fedora and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-1656 | 3 Ibm, Oracle, Redhat | 6 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | |||||
| CVE-2018-1517 | 2 Ibm, Redhat | 5 Software Development Kit, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | |||||
| CVE-2018-1336 | 4 Apache, Canonical, Debian and 1 more | 9 Tomcat, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. | |||||
| CVE-2018-1333 | 4 Apache, Canonical, Netapp and 1 more | 6 Http Server, Ubuntu Linux, Cloud Backup and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). | |||||