Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.49%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:33

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

Exploit
  • EPSS 1.34%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

Exploit
  • EPSS 1.24%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:34

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

Warnung
  • EPSS 74.17%
  • Veröffentlicht 06.11.2018 22:29:00
  • Zuletzt bearbeitet 03.11.2025 15:03:48

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via ...

Exploit
  • EPSS 1.96%
  • Veröffentlicht 02.11.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:50

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

  • EPSS 3.23%
  • Veröffentlicht 31.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:30

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause...

Exploit
  • EPSS 4.29%
  • Veröffentlicht 29.10.2018 12:29:09
  • Zuletzt bearbeitet 21.11.2024 03:56:31

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Exploit
  • EPSS 1.19%
  • Veröffentlicht 24.10.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:36

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate comma...

  • EPSS 0.56%
  • Veröffentlicht 24.10.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:36

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It run...

  • EPSS 3.09%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.