Redhat

Enterprise Linux

1780 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2018-16396

  • EPSS 3.29%
  • Veröffentlicht 16.11.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:40

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

9.8

CVE-2018-16395

  • EPSS 4.42%
  • Veröffentlicht 16.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:40

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...

9.8

CVE-2018-16850

  • EPSS 1.32%
  • Veröffentlicht 13.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:26

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...

6.5

CVE-2018-19208

Exploit
  • EPSS 0.41%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:33

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

7.8

CVE-2018-19214

Exploit
  • EPSS 0.29%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

7.8

CVE-2018-19215

Exploit
  • EPSS 0.21%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

9.8

CVE-2018-14667

Warnung
  • EPSS 89.46%
  • Veröffentlicht 06.11.2018 22:29:00
  • Zuletzt bearbeitet 03.11.2025 15:03:48

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via ...

6.5

CVE-2018-18897

Exploit
  • EPSS 0.15%
  • Veröffentlicht 02.11.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:50

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

8.8

CVE-2018-14651

  • EPSS 2.08%
  • Veröffentlicht 31.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:30

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause...

9.8

CVE-2018-18751

Exploit
  • EPSS 0.56%
  • Veröffentlicht 29.10.2018 12:29:09
  • Zuletzt bearbeitet 21.11.2024 03:56:31

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.