Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Openstack Subscribe

Filter

2788 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11806 3 Qemu, Redhat, Canonical 3 Qemu, Openstack, Ubuntu Linux 2019-05-31 7.2
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-1084 3 Corosync, Debian, Redhat 3 Corosync, Debian Linux, Enterprise Linux Server 2019-05-30 7.5
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
CVE-2018-0495 5 Gnupg, Canonical, Debian and 2 more 9 Libgcrypt, Ubuntu Linux, Debian Linux and 6 more 2019-05-30 1.9
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c,...
CVE-2018-10846 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-05-30 1.9
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover...
CVE-2018-10845 3 Gnu, Debian, Redhat 5 Gnutls, Debian Linux, Enterprise Linux Desktop and 2 more 2019-05-30 4.3
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing...
CVE-2018-10844 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-05-30 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing...
CVE-2019-5418 3 Rubyonrails, Debian, Redhat 3 Rails, Debian Linux, Cloudforms 2019-05-29 5.0
There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2018-16884 4 Redhat, Linux, Debian and 1 more 5 Enterprise Mrg, Linux Kernel, Enterprise Linux and 2 more 2019-05-29 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious...
CVE-2019-6133 4 Polkit Project, Debian, Redhat and 1 more 9 Polkit, Debian Linux, Enterprise Linux Desktop and 6 more 2019-05-28 4.4
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in...
CVE-2019-3459 4 Redhat, Canonical, Linux and 1 more 5 Enterprise Mrg, Ubuntu Linux, Linux Kernel and 2 more 2019-05-28 3.3
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2018-19115 2 Debian, Redhat 7 Debian Linux, Enterprise Linux, Enterprise Linux Server Aus and 4 more 2019-05-28 7.5
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an...
CVE-2019-3842 4 Systemd Project, Redhat, Debian and 1 more 4 Systemd, Enterprise Linux, Debian Linux and 1 more 2019-05-28 4.4
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment...
CVE-2019-3880 5 Redhat, Samba, Debian and 2 more 6 Gluster Storage, Samba, Debian Linux and 3 more 2019-05-27 5.5
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to...
CVE-2016-7041 1 Redhat 2 Jboss Brms, Jboss Drools 2019-05-24 6.8
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-05-23 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2019-7837 2 Adobe, Redhat 5 Flash Player, Flash Player Desktop Runtime, Enterprise Linux Desktop and 2 more 2019-05-23 9.3
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2007-1864 4 Php, Canonical, Debian and 1 more 5 Php, Ubuntu Linux, Debian Linux and 2 more 2019-05-22 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
CVE-2017-3641 3 Oracle, Redhat, Debian 9 Mysql, Openstack, Debian Linux and 6 more 2019-05-22 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high...
CVE-2017-3464 3 Oracle, Debian, Redhat 8 Mysql, Debian Linux, Enterprise Linux Desktop and 5 more 2019-05-22 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low...
CVE-2018-1061 5 Python, Debian, Redhat and 2 more 8 Python, Debian Linux, Ansible Tower and 5 more 2019-05-22 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.