Filtered by vendor Redhat
Subscriptions
Total
22972 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14679 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 9 Libmspack, Cabextract, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||||
| CVE-2018-14666 | 1 Redhat | 1 Satellite | 2024-11-21 | N/A |
| An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions. | ||||
| CVE-2018-14664 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
| A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side. | ||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 5.7 Medium |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | ||||
| CVE-2018-14661 | 3 Debian, Gluster, Redhat | 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more | 2024-11-21 | 6.5 Medium |
| It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | ||||
| CVE-2018-14660 | 3 Debian, Gluster, Redhat | 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | ||||
| CVE-2018-14659 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | ||||
| CVE-2018-14658 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2024-11-21 | N/A |
| A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack | ||||
| CVE-2018-14657 | 1 Redhat | 5 Jboss Single Sign On, Keycloak, Linux and 2 more | 2024-11-21 | 8.1 High |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | ||||
| CVE-2018-14655 | 1 Redhat | 5 Jboss Single Sign On, Keycloak, Linux and 2 more | 2024-11-21 | N/A |
| A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. | ||||
| CVE-2018-14654 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux, Enterprise Linux Server and 5 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | ||||
| CVE-2018-14653 | 2 Debian, Redhat | 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more | 2024-11-21 | 8.8 High |
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | ||||
| CVE-2018-14652 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | ||||
| CVE-2018-14651 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. | ||||
| CVE-2018-14650 | 2 Redhat, Sos-collector Project | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | N/A |
| It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | ||||
| CVE-2018-14649 | 1 Redhat | 5 Ceph-iscsi-cli, Ceph Storage, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions. | ||||
| CVE-2018-14648 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | ||||
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | ||||
| CVE-2018-14646 | 2 Linux, Redhat | 10 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 7 more | 2024-11-21 | N/A |
| The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. | ||||
| CVE-2018-14645 | 3 Canonical, Haproxy, Redhat | 6 Ubuntu Linux, Haproxy, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | ||||