Vulnerabilities (CVE)

Vendor filter: Redhat

2173 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-8088 2 Redhat, Slf4j 5 Jboss Enterprise Application Platform, Slf4j, Enterprise Linux Desktop and 2 more 2018-12-12 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
CVE-2018-8039 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2018-12-12 6.8
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try...
CVE-2017-7536 1 Redhat 1 Hibernate Validator 2018-12-12 4.4
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential...
CVE-2018-19139 2 Jasper Project, Redhat 2 Jasper, Fedora 2018-12-11 4.3
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVE-2018-1002105 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2018-12-11 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API...
CVE-2018-14651 2 Debian, Redhat 2 Debian Linux, Enterprise Linux 2018-12-11 6.5
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or...
CVE-2016-6343 1 Redhat 1 Jboss Bpm Suite 2018-12-11 3.5
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious...
CVE-2014-0188 1 Redhat 1 Openshift 2018-12-11 7.5
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate...
CVE-2018-15688 4 Freedesktop, Canonical, Debian and 1 more 8 Systemd, Ubuntu Linux, Debian Linux and 5 more 2018-12-10 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
CVE-2017-1000500 1 Redhat 2 Mobile Application Platform, Single Sign On 2018-12-10 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references...
CVE-2018-18751 3 Gnu, Canonical, Redhat 3 Gettext, Ubuntu Linux, Enterprise Linux 2018-12-07 7.5
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVE-2017-15705 4 Apache, Canonical, Debian and 1 more 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more 2018-12-07 5.0
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache...
CVE-2018-14622 3 Canonical, Debian, Redhat 7 Ubuntu Linux, Debian Linux, Enterprise Linux and 4 more 2018-12-07 5.0
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available...
CVE-2018-14642 1 Redhat 1 Undertow 2018-12-07 5.0
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may...
CVE-2018-14659 2 Redhat, Debian 4 Gluster Storage, Debian Linux, Enterprise Linux Server and 1 more 2018-12-07 4.0
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly...
CVE-2013-2069 1 Redhat 1 Livecd-tools 2018-12-06 7.2
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
CVE-2018-12385 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 4.4
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker...
CVE-2018-5188 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 7.5
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...
CVE-2018-5156 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 7.5
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability...
CVE-2018-12387 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Ubuntu Linux and 7 more 2018-12-06 6.4
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used...