Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

11 matches found

CVE•added 2018/10/06 2:29 p.m.•573 views

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

9.8CVSS9.3AI score0.72679EPSS

CVE•added 2018/10/29 12:29 p.m.•446 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

9.8CVSS9.2AI score0.01298EPSS

CVE•added 2018/10/17 12:29 p.m.•423 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

9.1CVSS8.5AI score0.79379EPSS

CVE•added 2018/10/23 2:29 a.m.•144 views

CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

6.5CVSS6.6AI score0.02653EPSS

CVE•added 2018/10/18 1:29 p.m.•138 views

CVE-2018-12372

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird

6.5CVSS7.2AI score0.00452EPSS

CVE•added 2018/10/18 1:29 p.m.•129 views

CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird

6.5CVSS7.2AI score0.00466EPSS

CVE•added 2018/10/31 10:29 p.m.•128 views

CVE-2018-14651

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via ...

8.8CVSS7.9AI score0.03632EPSS

CVE•added 2018/10/18 1:29 p.m.•125 views

CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird

4.3CVSS6AI score0.00438EPSS

CVE•added 2018/10/19 10:29 p.m.•73 views

CVE-2018-18438

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

5.5CVSS7.1AI score0.0012EPSS

CVE•added 2018/10/24 9:29 p.m.•59 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

7.8CVSS7.7AI score0.00213EPSS

CVE•added 2018/10/24 9:29 p.m.•55 views

CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the...

7.8CVSS7.5AI score0.00078EPSS