Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Server
Subscriptions
Total
1914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2582 | 6 Canonical, Debian, Hp and 3 more | 17 Ubuntu Linux, Debian Linux, Xp7 Command View and 14 more | 2024-11-21 | 6.5 Medium |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). | ||||
| CVE-2018-2579 | 6 Canonical, Debian, Hp and 3 more | 20 Ubuntu Linux, Debian Linux, Xp7 Command View and 17 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2018-2562 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2024-11-21 | 7.1 High |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | ||||
| CVE-2018-20699 | 2 Docker, Redhat | 3 Engine, Enterprise Linux Server, Rhel Extras Other | 2024-11-21 | N/A |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | ||||
| CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 7 Debian Linux, Exiv2, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2018-1656 | 3 Ibm, Oracle, Redhat | 8 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | ||||
| CVE-2018-1517 | 2 Ibm, Redhat | 7 Software Development Kit, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | N/A |
| A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | ||||
| CVE-2018-1336 | 4 Apache, Canonical, Debian and 1 more | 12 Tomcat, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | 7.5 High |
| An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. | ||||
| CVE-2018-1312 | 5 Apache, Canonical, Debian and 2 more | 15 Http Server, Ubuntu Linux, Debian Linux and 12 more | 2024-11-21 | 9.8 Critical |
| In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. | ||||
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 7 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 8.1 High |
| A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | ||||
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2024-11-21 | N/A |
| Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | ||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2024-11-21 | N/A |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | ||||
| CVE-2018-1128 | 3 Debian, Opensuse, Redhat | 10 Debian Linux, Leap, Ceph and 7 more | 2024-11-21 | N/A |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | ||||
| CVE-2018-1120 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | N/A |
| A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). | ||||
| CVE-2018-1118 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | N/A |
| Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | ||||
| CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | ||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 11 Fedora, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | N/A |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | ||||
| CVE-2018-1106 | 4 Canonical, Debian, Packagekit Project and 1 more | 10 Ubuntu Linux, Debian Linux, Packagekit and 7 more | 2024-11-21 | N/A |
| An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. | ||||