Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Enterprise Linux Desktop Subscribe

Filter

1090 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6974 5 Linux, Debian, F5 and 2 more 24 Linux Kernel, Debian Linux, Big-ip Access Policy Manager and 21 more 2019-09-20 6.8
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2017-17405 3 Ruby-lang, Debian, Redhat 8 Ruby, Debian Linux, Enterprise Linux Desktop and 5 more 2019-09-19 9.3
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command...
CVE-2018-14622 4 Canonical, Debian, Redhat and 1 more 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2019-09-16 5.0
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available...
CVE-2018-9568 3 Google, Canonical, Redhat 9 Android, Ubuntu Linux, Enterprise Linux Desktop and 6 more 2019-09-10 7.2
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2018-16871 2 Redhat, Linux 9 Developer Tools, Linux Kernel, Enterprise Linux and 6 more 2019-09-10 5.0
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS...
CVE-2019-1125 2 Redhat, Microsoft 15 Virtualization Host, Windows 10, Windows 7 and 12 more 2019-09-10 2.1
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
CVE-2019-14813 2 Artifex, Redhat 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more 2019-09-10 7.5
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could...
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2019-8308 3 Debian, Redhat, Flatpak 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-09-01 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2017-3143 3 Isc, Debian, Redhat 8 Bind, Debian Linux, Enterprise Linux Desktop and 5 more 2019-08-30 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic...
CVE-2017-3142 3 Isc, Debian, Redhat 8 Bind, Debian Linux, Enterprise Linux Desktop and 5 more 2019-08-30 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server...
CVE-2018-1129 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-08-29 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol....
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more 2019-08-19 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2016-4273 2 Adobe, Redhat 4 Flash Player, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-08-19 10.0
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more 2019-08-19 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2018-18358 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
CVE-2018-18357 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18355 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18354 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 6.8
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
CVE-2018-18353 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 4.3
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.