Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 5665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10844 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVE-2018-10843 1 Redhat 1 Openshift Container Platform 2024-11-21 9.0 HIGH 8.5 HIGH
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
CVE-2018-10840 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-11-21 7.2 HIGH 6.6 MEDIUM
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10768 4 Canonical, Debian, Freedesktop and 1 more 7 Ubuntu Linux, Debian Linux, Poppler and 4 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
CVE-2018-10767 2 Gnome, Redhat 5 Libgxps, Ansible Tower, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
CVE-2018-10733 3 Gnome, Opensuse, Redhat 6 Libgxps, Leap, Ansible Tower and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVE-2018-10683 1 Redhat 1 Wildfly 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security realm reference" implies "effectively unsecured." The vendor explicitly supports these unsecured configurations because they have valid use cases during development
CVE-2018-10675 3 Canonical, Linux, Redhat 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more 2024-11-21 7.2 HIGH 7.8 HIGH
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-10583 5 Apache, Canonical, Debian and 2 more 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
CVE-2018-10535 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
CVE-2018-10534 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
CVE-2018-10393 3 Debian, Redhat, Xiph.org 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
CVE-2018-10392 3 Debian, Redhat, Xiph.org 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
CVE-2018-10373 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
CVE-2018-10372 2 Gnu, Redhat 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
CVE-2018-10322 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
CVE-2018-10237 3 Google, Oracle, Redhat 18 Guava, Banking Payments, Communications Ip Service Activator and 15 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CVE-2018-10194 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2018-10184 2 Haproxy, Redhat 2 Haproxy, Enterprise Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
CVE-2018-10120 4 Canonical, Debian, Libreoffice and 1 more 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.