ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Eus
Subscriptions
Total
2806 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000074 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-1000073 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-1000007 | 5 Canonical, Debian, Fujitsu and 2 more | 27 Ubuntu Linux, Debian Linux, M10-1 and 24 more | 2024-11-21 | 9.8 Critical |
| libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | ||||
| CVE-2018-1000004 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
| In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | ||||
| CVE-2018-0495 | 5 Canonical, Debian, Gnupg and 2 more | 14 Ubuntu Linux, Debian Linux, Libgcrypt and 11 more | 2024-11-21 | N/A |
| Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2017-5754 | 3 Arm, Intel, Redhat | 218 Cortex-a, Atom C, Atom E and 215 more | 2024-11-21 | N/A |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | ||||
| CVE-2017-5715 | 8 Arm, Canonical, Debian and 5 more | 230 Cortex-a, Ubuntu Linux, Debian Linux and 227 more | 2024-11-21 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2017-3145 | 5 Debian, Isc, Juniper and 2 more | 43 Debian Linux, Bind, Junos and 40 more | 2024-11-21 | 7.5 High |
| BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. | ||||
| CVE-2017-3139 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Server Aus, Enterprise Linux Server Eus and 5 more | 2024-11-21 | 7.5 High |
| A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. | ||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 16 Debian Linux, Bind, Data Ontap Edge and 13 more | 2024-11-21 | N/A |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | ||||
| CVE-2017-18922 | 6 Canonical, Fedoraproject, Libvncserver Project and 3 more | 19 Ubuntu Linux, Fedora, Libvncserver and 16 more | 2024-11-21 | 9.8 Critical |
| It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. | ||||
| CVE-2017-18595 | 3 Linux, Opensuse, Redhat | 9 Linux Kernel, Leap, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | ||||
| CVE-2017-18551 | 3 Linux, Opensuse, Redhat | 8 Linux Kernel, Leap, Enterprise Linux and 5 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | ||||
| CVE-2017-18344 | 3 Canonical, Linux, Redhat | 16 Ubuntu Linux, Linux Kernel, Enterprise Linux and 13 more | 2024-11-21 | N/A |
| The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). | ||||
| CVE-2017-18208 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-11-21 | N/A |
| The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. | ||||
| CVE-2017-17742 | 3 Debian, Redhat, Ruby-lang | 8 Debian Linux, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | N/A |
| Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. | ||||
| CVE-2017-15129 | 4 Canonical, Fedoraproject, Linux and 1 more | 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more | 2024-11-21 | 4.7 Medium |
| A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | ||||
| CVE-2017-13215 | 2 Google, Redhat | 5 Android, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
| A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | ||||
| CVE-2016-3709 | 2 Redhat, Xmlsoft | 3 Enterprise Linux, Rhel Eus, Libxml2 | 2024-11-21 | 6.1 Medium |
| Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | ||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||