Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Openstack Subscribe

Filter

2656 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16886 1 Redhat 1 Enterprise Linux Server 2019-04-15 6.8
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common...
CVE-2018-1099 1 Redhat 1 Etcd 2019-04-15 2.1
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
CVE-2018-1098 1 Redhat 1 Etcd 2019-04-15 6.8
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT...
CVE-2014-8114 1 Redhat 1 Uberfire 2019-04-12 6.8
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
CVE-2019-3837 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-04-12 4.9
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on...
CVE-2019-8912 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-04-12 7.2
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
CVE-2019-3459 3 Redhat, Canonical, Linux 4 Enterprise Mrg, Ubuntu Linux, Linux Kernel and 1 more 2019-04-11 3.3
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-3845 1 Redhat 1 Satellite 2019-04-11 5.2
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host...
CVE-2017-3139 2 Isc, Redhat 4 Bind, Enterprise Linux Server Aus, Enterprise Linux Server Eus and 1 more 2019-04-11 5.0
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
CVE-2019-3842 2 Systemd Project, Redhat 2 Systemd, Enterprise Linux 2019-04-11 4.4
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment...
CVE-2019-6454 7 Freedesktop, Netapp, Canonical and 4 more 12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more 2019-04-10 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can...
CVE-2018-1050 4 Samba, Canonical, Debian and 1 more 6 Samba, Ubuntu Linux, Debian Linux and 3 more 2019-04-09 2.9
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC...
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-04-09 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2019-1002101 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2019-04-09 5.8
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user?s machine. If the...
CVE-2018-5379 4 Quagga, Debian, Canonical and 1 more 8 Quagga, Debian Linux, Ubuntu Linux and 5 more 2019-04-09 7.5
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially...
CVE-2018-14618 4 Haxx, Canonical, Debian and 1 more 4 Libcurl, Ubuntu Linux, Debian Linux and 1 more 2019-04-09 10.0
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to...
CVE-2018-16884 3 Redhat, Linux, Debian 4 Enterprise Mrg, Linux Kernel, Enterprise Linux and 1 more 2019-04-09 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious...
CVE-2018-18445 3 Canonical, Linux, Redhat 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more 2019-04-09 7.2
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles...
CVE-2017-1000410 3 Linux, Redhat, Debian 9 Linux Kernel, Virtualization Host, Debian Linux and 6 more 2019-04-08 5.0
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be...
CVE-2018-10934 1 Redhat 2 Jboss Enterprise Application Platform, Single Sign-on 2019-04-08 3.5
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.