Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Openstack

2619 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-2422 | 4 vendors: Oracle, Netapp, Canonical and 1 more | 12 products: Jdk, Jre, Oncommand Unified Manager and 9 more | 2019-03-25 | 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-12549 | 2 vendors: Eclipse, Redhat | 4 products: Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-03-25 | 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2018-12547 | 1 vendor: Redhat | 3 products: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation | 2019-03-25 | 7.5
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not...
CVE-2018-11212 | 6 vendors: Ijg, Netapp, Oracle and 3 more | 11 products: Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2019-03-25 | 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-1058 | 3 vendors: Postgresql, Redhat, Canonical | 3 products: Postgresql, Cloudforms, Ubuntu Linux | 2019-03-25 | 6.5
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through...
CVE-2018-7550 | 4 vendors: Qemu, Redhat, Canonical and 1 more | 10 products: Qemu, Virtualization, Ubuntu Linux and 7 more | 2019-03-25 | 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read...
CVE-2018-1000007 | 4 vendors: Haxx, Debian, Canonical and 1 more | 6 products: Curl, Debian Linux, Ubuntu Linux and 3 more | 2019-03-25 | 5.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to...
CVE-2016-4578 | 6 vendors: Linux, Canonical, Novell and 3 more | 19 products: Ubuntu Linux, Suse Linux Enterprise Live Patching, Linux Kernel and 16 more | 2019-03-25 | 2.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1)...
CVE-2016-1840 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 6.8
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or...
CVE-2016-1839 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 4.3
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2016-1838 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 4.3
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer...
CVE-2016-1837 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 4.3
Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow...
CVE-2016-1836 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 4.3
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service...
CVE-2016-1834 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 9.3
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a...
CVE-2016-1833 | 6 vendors: Debian, Apple, Canonical and 3 more | 15 products: Ubuntu Linux, Debian Linux, Iphone Os and 12 more | 2019-03-25 | 4.3
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2019-6111 | 5 vendors: Openbsd, Winscp, Canonical and 2 more | 5 products: Openssh, Winscp, Ubuntu Linux and 2 more | 2019-03-25 | 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name...
CVE-2019-5736 | 6 vendors: Docker, Google, Linuxcontainers and 3 more | 8 products: Docker, Kubernetes Engine, Lxc and 5 more | 2019-03-25 | 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2018-1336 | 4 vendors: Apache, Redhat, Canonical and 1 more | 5 products: Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 2 more | 2019-03-25 | 5.0
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51,...
CVE-2018-1304 | 3 vendors: Apache, Redhat, Debian | 3 products: Tomcat, Jboss Enterprise Web Server, Debian Linux | 2019-03-25 | 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...
CVE-2018-11784 | 5 vendors: Apache, Netapp, Canonical and 2 more | 10 products: Tomcat, Snap Creator Framework, Ubuntu Linux and 7 more | 2019-03-25 | 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...