Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Openstack

2788 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-1060 | 5 Python, Redhat, Canonical and 2 more | 8 Python, Ansible Tower, Ubuntu Linux and 5 more | 2019-05-22 | 5.0
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2017-3600 | 3 Oracle, Debian, Redhat | 8 Mysql, Debian Linux, Enterprise Linux Desktop and 5 more | 2019-05-22 | 6.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high...
CVE-2017-3265 | 3 Oracle, Debian, Redhat | 8 Mysql, Debian Linux, Enterprise Linux Desktop and 5 more | 2019-05-22 | 4.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high...
CVE-2017-3302 | 4 Mariadb, Oracle, Debian and 1 more | 8 Mariadb, Mysql, Debian Linux and 5 more | 2019-05-22 | 5.0
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2017-3636 | 3 Oracle, Redhat, Debian | 9 Mysql, Openstack, Debian Linux and 6 more | 2019-05-22 | 4.6
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2013-1591 | 2 Redhat, Palemoon | 3 Enterprise Virtualization, Enterprise Linux, Pale Moon | 2019-05-22 | 10.0
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the...
CVE-2019-10131 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2019-05-22 | 3.6
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
CVE-2018-12020 | 4 Gnupg, Canonical, Debian and 1 more | 10 Gnupg, Ubuntu, Ubuntu Linux and 7 more | 2019-05-22 | 5.0
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2"...
CVE-2018-2817 | 4 Oracle, Canonical, Debian and 1 more | 10 Mysql, Ubuntu Linux, Debian Linux and 7 more | 2019-05-21 | 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged...
CVE-2018-2813 | 5 Oracle, Canonical, Debian and 2 more | 14 Mysql, Ubuntu Linux, Debian Linux and 11 more | 2019-05-21 | 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged...
CVE-2018-1128 | 4 Ceph, Redhat, Debian and 1 more | 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more | 2019-05-21 | 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to...
CVE-2016-2183 | 5 Python, Openssl, Cisco and 2 more | 8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more | 2019-05-20 | 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...
CVE-2018-17972 | 4 Canonical, Linux, Redhat and 1 more | 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more | 2019-05-20 | 4.9
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack...
CVE-2019-1003000 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2019-05-17 | 6.5
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to...
CVE-2018-16476 | 2 Rubyonrails, Redhat | 3 Active Job, Rails, Cloudforms | 2019-05-17 | 5.0
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This...
CVE-2019-3900 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2019-05-17 | 6.8
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A...
CVE-2019-3894 | 1 Redhat | 2 Jboss Enterprise Application Platform, Wildfly | 2019-05-17 | 6.5
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could...
CVE-2019-3805 | 1 Redhat | 2 Jboss Enterprise Application Platform, Wildfly | 2019-05-17 | 4.7
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in...
CVE-2016-4286 | 2 Adobe, Redhat | 5 Flash Player Desktop Runtime, Flash Player, Enterprise Linux Desktop and 2 more | 2019-05-16 | 9.3
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
CVE-2016-7855 | 2 Adobe, Redhat | 4 Flash Player, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-05-16 | 9.3
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.