Redhat

Enterprise Linux

1709 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2016-10730

  • EPSS 0.08%
  • Veröffentlicht 24.10.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:36

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It run...

6.5

CVE-2018-18584

  • EPSS 2.79%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

5.5

CVE-2018-18438

  • EPSS 0.12%
  • Veröffentlicht 19.10.2018 22:29:02
  • Zuletzt bearbeitet 21.11.2024 03:55:56

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

6.5

CVE-2018-12373

  • EPSS 0.46%
  • Veröffentlicht 18.10.2018 13:29:04
  • Zuletzt bearbeitet 21.11.2024 03:45:05

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

4.3

CVE-2018-12374

  • EPSS 0.32%
  • Veröffentlicht 18.10.2018 13:29:04
  • Zuletzt bearbeitet 21.11.2024 03:45:05

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.

6.5

CVE-2018-12372

  • EPSS 0.33%
  • Veröffentlicht 18.10.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 03:45:04

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

9.1

CVE-2018-10933

Exploit
  • EPSS 78.33%
  • Veröffentlicht 17.10.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:20

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

9.8

CVE-2018-17456

Exploit
  • EPSS 70.7%
  • Veröffentlicht 06.10.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:27

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has ...

7.8

CVE-2018-14648

  • EPSS 10.17%
  • Veröffentlicht 28.09.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:30

A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

5.9

CVE-2018-11763

  • EPSS 17.4%
  • Veröffentlicht 25.09.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:58

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitiga...