ReportizFlow
Filtered by vendor Redhat
Subscriptions
Total
23180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5256 | 1 Redhat | 1 Tectonic | 2024-11-21 | 7.5 High |
| CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges. | ||||
| CVE-2018-5188 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-11-21 | N/A |
| Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | ||||
| CVE-2018-5185 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-5184 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-5179 | 2 Mozilla, Redhat | 2 Firefox, Rhel Extras | 2024-11-21 | N/A |
| A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | ||||
| CVE-2018-5170 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-5162 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-5161 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-5008 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-5007 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-5001 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-5000 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4945 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-4944 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-11-21 | N/A |
| Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-4937 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 8.8 High |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-4936 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 6.5 Medium |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4935 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 8.8 High |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-4934 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 6.5 Medium |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4933 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 6.5 Medium |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4932 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-11-21 | 8.8 High |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||