Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Enterprise Linux
678 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11235 5 Git-scm, Gitforwindows, Canonical and 2 more 9 Git, Git, Ubuntu Linux and 6 more 2019-10-03 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine...
CVE-2018-16395 4 Ruby-lang, Canonical, Debian and 1 more 5 Ruby, Ubuntu Linux, Debian Linux and 2 more 2019-10-03 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...
CVE-2017-5456 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2019-10-03 7.5
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1...
CVE-2018-10930 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10927 3 Debian, Redhat, Gluster 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2019-10-03 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-16888 3 Freedesktop, Netapp, Redhat 4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more 2019-10-03 1.9
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to...
CVE-2017-5386 3 Mozilla, Debian, Redhat 9 Firefox, Firefox Esr, Debian Linux and 6 more 2019-10-03 7.5
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR <...
CVE-2018-1111 2 Redhat, Fedoraproject 7 Enterprise Virtualization, Enterprise Virtualization Host, Fedora and 4 more 2019-10-03 7.9
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local...
CVE-2018-14354 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-20685 7 Openbsd, Netapp, Winscp and 4 more 11 Openssh, Cloud Backup, Element Software and 8 more 2019-10-03 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2017-5390 3 Mozilla, Debian, Redhat 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-10-03 7.5
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox...
CVE-2018-12374 4 Mozilla, Canonical, Debian and 1 more 7 Thunderbird, Ubuntu Linux, Debian Linux and 4 more 2019-10-03 4.3
Plaintext of decrypted emails can leak through a user submitting an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
CVE-2018-5117 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-10-03 5.0
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can...
CVE-2018-3693 6 Arm, Intel, Netapp and 3 more 37 Cortex-a, Cortex-r, Atom C and 34 more 2019-10-03 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2017-7807 3 Mozilla, Debian, Redhat 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-10-03 5.8
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects...
CVE-2018-14357 4 Mutt, Canonical, Debian and 1 more 10 Mutt, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVE-2017-5405 3 Mozilla, Debian, Redhat 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-10-03 5.0
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
CVE-2018-12372 4 Mozilla, Canonical, Debian and 1 more 7 Thunderbird, Ubuntu Linux, Debian Linux and 4 more 2019-10-03 4.3
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVE-2018-16396 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-10-03 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2017-15131 1 Redhat 1 Enterprise Linux 2019-10-03 4.6
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.