Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 15171 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12232 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
CVE-2018-12207 8 Canonical, Debian, F5 and 5 more 1541 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1538 more 2024-11-21 6.5 Medium
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
CVE-2018-12181 2 Redhat, Tianocore 2 Enterprise Linux, Edk Ii 2024-11-21 N/A
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
CVE-2018-12180 3 Opensuse, Redhat, Tianocore 3 Leap, Enterprise Linux, Edk Ii 2024-11-21 N/A
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
CVE-2018-12130 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12126 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12085 4 Canonical, Liblouis, Opensuse and 1 more 4 Ubuntu Linux, Liblouis, Leap and 1 more 2024-11-21 N/A
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2018-12020 4 Canonical, Debian, Gnupg and 1 more 10 Ubuntu Linux, Debian Linux, Gnupg and 7 more 2024-11-21 7.5 High
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
CVE-2018-12015 7 Apple, Archive\, Canonical and 4 more 10 Mac Os X, \, Ubuntu Linux and 7 more 2024-11-21 N/A
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
CVE-2018-11813 2 Ijg, Redhat 2 Libjpeg, Enterprise Linux 2024-11-21 N/A
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
CVE-2018-11806 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2024-11-21 8.2 High
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-11805 3 Apache, Debian, Redhat 3 Spamassassin, Debian Linux, Enterprise Linux 2024-11-21 6.7 Medium
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
CVE-2018-11784 6 Apache, Canonical, Debian and 3 more 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more 2024-11-21 N/A
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
CVE-2018-11782 2 Apache, Redhat 2 Subversion, Enterprise Linux 2024-11-21 6.5 Medium
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
CVE-2018-11781 4 Apache, Canonical, Debian and 1 more 8 Spamassassin, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 N/A
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
CVE-2018-11763 5 Apache, Canonical, Netapp and 2 more 11 Http Server, Ubuntu Linux, Storage Automation Store and 8 more 2024-11-21 N/A
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-11713 3 Gnome, Redhat, Webkitgtk 3 Libsoup, Enterprise Linux, Webkitgtk\+ 2024-11-21 N/A
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
CVE-2018-11712 2 Redhat, Webkitgtk 2 Enterprise Linux, Webkitgtk\+ 2024-11-21 N/A
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
CVE-2018-11685 4 Canonical, Liblouis, Opensuse and 1 more 4 Ubuntu Linux, Liblouis, Leap and 1 more 2024-11-21 N/A
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.