Filtered by vendor Redhat
Subscriptions
Total
23104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25014 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.8 Critical |
| A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | ||||
| CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||||
| CVE-2018-25011 | 2 Redhat, Webmproject | 4 Enterprise Linux, Rhel Eus, Rhmt and 1 more | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||||
| CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||||
| CVE-2018-21270 | 2 Nodejs, Redhat | 2 Node.js, Quay | 2024-11-21 | 6.5 Medium |
| Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | ||||
| CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | ||||
| CVE-2018-21035 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
| CVE-2018-21009 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-11-21 | N/A |
| Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | ||||
| CVE-2018-20976 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Mrg, Rhel Aus and 3 more | 2024-11-21 | N/A |
| An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | ||||
| CVE-2018-20969 | 2 Gnu, Redhat | 6 Patch, Enterprise Linux, Rhel Aus and 3 more | 2024-11-21 | N/A |
| do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | ||||
| CVE-2018-20856 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||||
| CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||
| CVE-2018-20847 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-11-21 | 8.8 High |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | ||||
| CVE-2018-20845 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2024-11-21 | 6.5 Medium |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
| CVE-2018-20836 | 7 Canonical, Debian, F5 and 4 more | 16 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 13 more | 2024-11-21 | 8.1 High |
| An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | ||||
| CVE-2018-20834 | 2 Node-tar Project, Redhat | 2 Node-tar, Rhel Software Collections | 2024-11-21 | N/A |
| A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2). | ||||
| CVE-2018-20815 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-11-21 | N/A |
| In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | ||||
| CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | ||||