Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Openstack

2656 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0217 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2019-04-16 6.0
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVE-2018-1068 4 Linux, Redhat, Canonical and 1 more 10 Linux Kernel, Virtualization Host, Ubuntu Linux and 7 more 2019-04-16 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-18311 7 Perl, Canonical, Debian and 4 more 16 Perl, Ubuntu Linux, Debian Linux and 13 more 2019-04-16 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19039 2 Netapp, Redhat 5 Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge, Enterprise Linux Desktop and 2 more 2019-04-16 4.0
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
CVE-2018-18356 5 Google, Debian, Redhat and 2 more 10 Chrome, Debian Linux, Enterprise Linux Desktop and 7 more 2019-04-16 6.8
An integer overflow in path handling leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-10675 3 Linux, Redhat, Canonical 9 Linux Kernel, Virtualization Host, Ubuntu Linux and 6 more 2019-04-16 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-1002105 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2019-04-16 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API...
CVE-2018-1060 5 Python, Redhat, Canonical and 2 more 8 Python, Ansible Tower, Ubuntu Linux and 5 more 2019-04-15 5.0
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2019-3891 1 Redhat 1 Satellite 2019-04-15 2.1
It was discovered that a world-readable log file belonging to the Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to...
CVE-2018-1336 4 Apache, Redhat, Canonical and 1 more 8 Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 5 more 2019-04-15 5.0
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51,...
CVE-2018-1304 5 Apache, Redhat, Debian and 2 more 8 Tomcat, Jboss Enterprise Web Server, Debian Linux and 5 more 2019-04-15 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...
CVE-2018-11784 5 Apache, Netapp, Canonical and 2 more 10 Tomcat, Snap Creator Framework, Ubuntu Linux and 7 more 2019-04-15 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...
CVE-2018-11759 3 Apache, Redhat, Debian 3 Tomcat Jk Connector, Jboss Core Services, Debian Linux 2019-04-15 5.0
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs...
CVE-2017-9461 3 Samba, Redhat, Debian 8 Samba, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-04-15 6.8
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVE-2018-18335 4 Google, Debian, Redhat and 1 more 9 Chrome, Debian Linux, Linux Desktop and 6 more 2019-04-15 6.8
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-3893 2 Redhat, Theforeman 2 Satellite, Foreman 2019-04-15 4.0
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the...
CVE-2019-3863 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of...
CVE-2019-3857 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to...
CVE-2019-3856 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client...
CVE-2019-3855 6 Libssh2, Netapp, Debian and 3 more 11 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 8 more 2019-04-15 9.3
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client...