Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Workstation Subscribe

Filter

988 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-13785 4 Libpng, Canonical, Oracle and 1 more 8 Libgpng, Ubuntu Linux, Libpng and 5 more 2019-08-15 4.3
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVE-2019-10182 2 Icedtea-web Project, Redhat 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-08-15 5.8
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to...
CVE-2017-9788 6 Apache, Netapp, Oracle and 3 more 16 Httpd, Http Server, Oncommand Unified Manager and 13 more 2019-08-15 6.4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an...
CVE-2016-5388 4 Hp, Apache, Oracle and 1 more 11 Tomcat, Linux, Enterprise Linux Desktop and 8 more 2019-08-13 5.1
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment...
CVE-2019-10168 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt...
CVE-2019-10167 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to...
CVE-2019-10166 1 Redhat 9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-08-12 4.6
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had...
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2019-08-12 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing...
CVE-2018-7225 4 Libvncserver Project, Canonical, Debian and 1 more 9 Libvncserver, Ubuntu Linux, Debian Linux and 6 more 2019-08-09 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g.,...
CVE-2018-8088 3 Redhat, Slf4j, Oracle 7 Jboss Enterprise Application Platform, Slf4j, Enterprise Linux Desktop and 4 more 2019-08-08 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
CVE-2018-16865 5 Freedesktop, Canonical, Debian and 2 more 13 Systemd, Ubuntu Linux, Debian Linux and 10 more 2019-08-07 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...
CVE-2018-16864 5 Freedesktop, Canonical, Debian and 2 more 12 Systemd, Ubuntu Linux, Debian Linux and 9 more 2019-08-07 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to...
CVE-2018-11781 4 Apache, Canonical, Debian and 1 more 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more 2019-08-06 4.6
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
CVE-2018-15473 5 Openbsd, Debian, Netapp and 2 more 16 Openssh, Debian Linux, Aff Baseboard Management Controller and 13 more 2019-08-06 5.0
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and...
CVE-2018-16871 2 Redhat, Linux 9 Developer Tools, Linux Kernel, Enterprise Linux and 6 more 2019-08-06 5.0
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS...
CVE-2018-13033 2 Gnu, Redhat 5 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-08-03 4.3
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by...
CVE-2018-10535 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a...
CVE-2018-10534 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the...
CVE-2018-10373 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary...
CVE-2018-10372 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-03 4.3
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.