Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Subscribe

Filter

678 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-12372 4 Mozilla, Canonical, Debian and 1 more 7 Thunderbird, Ubuntu Linux, Debian Linux and 4 more 2019-10-03 4.3
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVE-2017-15131 1 Redhat 1 Enterprise Linux 2019-10-03 4.6
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
CVE-2016-4448 11 Apple, Slackware, Oracle and 8 more 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more 2019-09-25 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2011-2767 4 Apache, Canonical, Debian and 1 more 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-24 10.0
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's...
CVE-2019-14816 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Messaging Realtime Grid 2019-09-24 7.2
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14814 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Messaging Realtime Grid 2019-09-24 7.2
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14821 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-09-24 7.2
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object,...
CVE-2019-6974 5 Linux, Debian, F5 and 2 more 24 Linux Kernel, Debian Linux, Big-ip Access Policy Manager and 21 more 2019-09-20 6.8
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-14835 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2019-09-19 7.2
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass...
CVE-2018-16871 2 Redhat, Linux 9 Developer Tools, Linux Kernel, Enterprise Linux and 6 more 2019-09-10 5.0
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS...
CVE-2019-14813 2 Artifex, Redhat 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more 2019-09-10 7.5
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could...
CVE-2018-18314 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18313 6 Perl, Canonical, Debian and 3 more 8 Perl, Ubuntu Linux, Debian Linux and 5 more 2019-09-06 6.4
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18312 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2019-10140 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-09-06 4.9
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in...
CVE-2019-12384 3 Fasterxml, Debian, Redhat 3 Jackson-databind, Debian Linux, Enterprise Linux 2019-09-05 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may...
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2018-10892 2 Redhat, Mobyproject 4 Enterprise Linux, Enterprise Linux Server, Moby and 1 more 2019-08-30 5.0
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
CVE-2018-1129 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-08-29 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol....
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-08-15 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...