Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

152 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16850 3 Postgresql, Canonical, Redhat 3 Postgresql, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with...
CVE-2018-14667 1 Redhat 2 Richfaces, Enterprise Linux 2019-10-09 7.5
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects...
CVE-2018-14648 3 Fedoraproject, Debian, Redhat 3 389 Directory Server, Debian Linux, Enterprise Linux 2019-10-09 7.8
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
CVE-2017-15118 3 Qemu, Canonical, Redhat 3 Qemu, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds...
CVE-2017-15103 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2019-10-09 9.0
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi...
CVE-2018-16395 4 Ruby-lang, Canonical, Debian and 1 more 5 Ruby, Ubuntu Linux, Debian Linux and 2 more 2019-10-03 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...
CVE-2018-14354 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-1111 2 Redhat, Fedoraproject 7 Enterprise Virtualization, Enterprise Virtualization Host, Fedora and 4 more 2019-10-03 7.9
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local...
CVE-2017-5390 3 Mozilla, Debian, Redhat 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-10-03 7.5
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox...
CVE-2017-5456 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2019-10-03 7.5
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1...
CVE-2017-5386 3 Mozilla, Debian, Redhat 9 Firefox, Firefox Esr, Debian Linux and 6 more 2019-10-03 7.5
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR <...
CVE-2018-14357 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVE-2016-4448 11 Apple, Slackware, Oracle and 8 more 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more 2019-09-25 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2011-2767 4 Apache, Canonical, Debian and 1 more 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-24 10.0
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's...
CVE-2019-14813 2 Artifex, Redhat 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more 2019-09-10 7.5
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could...
CVE-2018-18314 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18312 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-1126 3 Canonical, Debian, Redhat 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2019-07-30 7.5
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-11307 2 Fasterxml, Redhat 2 Jackson-databind, Enterprise Linux 2019-07-22 7.5
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVE-2019-10164 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2019-07-21 9.0
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This...