Redhat

Enterprise Linux

1709 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-16395

  • EPSS 4.42%
  • Published 16.11.2018 18:29:00
  • Last modified 21.11.2024 03:52:40

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...

9.8

CVE-2018-16850

  • EPSS 1.54%
  • Published 13.11.2018 15:29:00
  • Last modified 21.11.2024 03:53:26

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...

6.5

CVE-2018-19208

Exploit
  • EPSS 0.41%
  • Published 12.11.2018 19:29:00
  • Last modified 21.11.2024 03:57:33

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

7.8

CVE-2018-19214

Exploit
  • EPSS 0.22%
  • Published 12.11.2018 19:29:00
  • Last modified 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

7.8

CVE-2018-19215

Exploit
  • EPSS 0.22%
  • Published 12.11.2018 19:29:00
  • Last modified 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

9.8

CVE-2018-14667

Warning
  • EPSS 88.86%
  • Published 06.11.2018 22:29:00
  • Last modified 27.01.2025 21:56:01

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via ...

6.5

CVE-2018-18897

Exploit
  • EPSS 0.2%
  • Published 02.11.2018 07:29:00
  • Last modified 21.11.2024 03:56:50

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

8.8

CVE-2018-14651

  • EPSS 3.57%
  • Published 31.10.2018 22:29:00
  • Last modified 21.11.2024 03:49:30

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause...

9.8

CVE-2018-18751

Exploit
  • EPSS 0.63%
  • Published 29.10.2018 12:29:09
  • Last modified 21.11.2024 03:56:31

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

7.8

CVE-2016-10729

Exploit
  • EPSS 0.21%
  • Published 24.10.2018 21:29:00
  • Last modified 21.11.2024 02:44:36

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate comma...