Total
1906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14661 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | |||||
| CVE-2018-14653 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 1 more | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | |||||
| CVE-2018-14652 | 2 Debian, Redhat | 5 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 2 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | |||||
| CVE-2018-10902 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | |||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 6 Docker, Moby, Leap and 3 more | 2023-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | |||||
| CVE-2018-10883 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-10881 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-10872 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE. | |||||
| CVE-2017-7562 | 2 Mit, Redhat | 5 Kerberos 5, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. | |||||
| CVE-2017-7550 | 1 Redhat | 2 Ansible, Enterprise Linux Server | 2023-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. | |||||
| CVE-2017-7537 | 2 Dogtagpki, Redhat | 4 Dogtagpki, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. | |||||
| CVE-2017-2634 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
| It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. | |||||
| CVE-2017-2628 | 2 Haxx, Redhat | 4 Curl, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. | |||||
| CVE-2017-2626 | 2 Freedesktop, Redhat | 6 Libice, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. | |||||
| CVE-2017-2625 | 2 Redhat, X.org | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. | |||||
| CVE-2017-2618 | 3 Debian, Linux, Redhat | 8 Debian Linux, Linux Kernel, Enterprise Linux and 5 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. | |||||
| CVE-2017-2615 | 5 Citrix, Debian, Qemu and 2 more | 10 Xenserver, Debian Linux, Qemu and 7 more | 2023-02-12 | 9.0 HIGH | 9.1 CRITICAL |
| Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | |||||
| CVE-2017-15121 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||||
| CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2023-02-12 | 7.2 HIGH | 6.7 MEDIUM |
| Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
| CVE-2017-12171 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-02-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. | |||||