Redhat

Enterprise Linux Server Eus

622 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-16542

  • EPSS 0.43%
  • Veröffentlicht 05.09.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:56

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

9.3

CVE-2018-16509

Exploit
  • EPSS 91.74%
  • Veröffentlicht 05.09.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:52

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr...

7.8

CVE-2018-16511

  • EPSS 0.37%
  • Veröffentlicht 05.09.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:52

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

7.5

CVE-2018-14622

  • EPSS 2.34%
  • Veröffentlicht 30.08.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:26

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de...

7.8

CVE-2018-15911

  • EPSS 2.7%
  • Veröffentlicht 28.08.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:42

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

7.8

CVE-2018-15908

  • EPSS 0.23%
  • Veröffentlicht 27.08.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:41

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

7.8

CVE-2018-15909

  • EPSS 2.27%
  • Veröffentlicht 27.08.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:41

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

7.8

CVE-2018-15910

  • EPSS 4.83%
  • Veröffentlicht 27.08.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:42

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

5.5

CVE-2015-5160

  • EPSS 0.15%
  • Veröffentlicht 20.08.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:32:28

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

8.8

CVE-2018-10873

  • EPSS 1.27%
  • Veröffentlicht 17.08.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:11

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p...