Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Enterprise Linux Desktop

986 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2422 4 Oracle, Netapp, Canonical and 1 more 12 Jdk, Jre, Oncommand Unified Manager and 9 more 2019-03-25 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-12549 2 Eclipse, Redhat 4 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-03-25 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2018-12547 1 Redhat 3 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation 2019-03-25 7.5
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not...
CVE-2018-11212 6 Ijg, Netapp, Oracle and 3 more 11 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more 2019-03-25 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-7550 4 Qemu, Redhat, Canonical and 1 more 10 Qemu, Virtualization, Ubuntu Linux and 7 more 2019-03-25 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read...
CVE-2018-1000007 4 Haxx, Debian, Canonical and 1 more 6 Curl, Debian Linux, Ubuntu Linux and 3 more 2019-03-25 5.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to...
CVE-2016-4578 6 Linux, Canonical, Novell and 3 more 19 Ubuntu Linux, Suse Linux Enterprise Live Patching, Linux Kernel and 16 more 2019-03-25 2.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1)...
CVE-2016-1840 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 6.8
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or...
CVE-2016-1839 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2016-1838 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer...
CVE-2016-1837 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow...
CVE-2016-1836 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service...
CVE-2016-1834 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 9.3
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a...
CVE-2016-1833 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2018-11784 5 Apache, Netapp, Canonical and 2 more 10 Tomcat, Snap Creator Framework, Ubuntu Linux and 7 more 2019-03-25 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...
CVE-2019-5782 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-03-25 6.8
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5781 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-03-25 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5780 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-03-25 4.6
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5779 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-03-25 4.3
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-5778 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-03-25 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for...