Filtered by vendor Redhat
Subscriptions
Total
23057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7566 | 6 Canonical, Debian, Linux and 3 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-11-21 | N/A |
| The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | ||||
| CVE-2018-7550 | 4 Canonical, Debian, Qemu and 1 more | 11 Ubuntu Linux, Debian Linux, Qemu and 8 more | 2024-11-21 | 8.8 High |
| The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | ||||
| CVE-2018-7549 | 3 Canonical, Redhat, Zsh | 6 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | ||||
| CVE-2018-7537 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | ||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | ||||
| CVE-2018-7489 | 4 Debian, Fasterxml, Oracle and 1 more | 10 Debian Linux, Jackson-databind, Communications Billing And Revenue Management and 7 more | 2024-11-21 | N/A |
| FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. | ||||
| CVE-2018-7485 | 2 Redhat, Unixodbc | 3 Enterprise Linux, Rhel Eus, Unixodbc | 2024-11-21 | N/A |
| The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | ||||
| CVE-2018-7456 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) | ||||
| CVE-2018-7418 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. | ||||
| CVE-2018-7409 | 2 Redhat, Unixodbc | 3 Enterprise Linux, Rhel Eus, Unixodbc | 2024-11-21 | N/A |
| In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. | ||||
| CVE-2018-7263 | 2 Redhat, Underbit | 2 Enterprise Linux, Libmad | 2024-11-21 | N/A |
| The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. | ||||
| CVE-2018-7262 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | N/A |
| In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | ||||
| CVE-2018-7225 | 4 Canonical, Debian, Libvncserver Project and 1 more | 10 Ubuntu Linux, Debian Linux, Libvncserver and 7 more | 2024-11-21 | N/A |
| An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. | ||||
| CVE-2018-7208 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. | ||||
| CVE-2018-7191 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | ||||
| CVE-2018-7167 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-11-21 | 7.5 High |
| Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. | ||||
| CVE-2018-7166 | 2 Nodejs, Redhat | 3 Node.js, Openshift Application Runtimes, Rhel Software Collections | 2024-11-21 | 7.5 High |
| In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. | ||||
| CVE-2018-7161 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-11-21 | 7.5 High |
| All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | ||||
| CVE-2018-7160 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-11-21 | 8.8 High |
| The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | ||||
| CVE-2018-7159 | 2 Nodejs, Redhat | 3 Node.js, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 5.3 Medium |
| The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. | ||||