Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

10 matches found

CVE•added 2018/11/16 6:29 p.m.•438 views

CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one char...

9.8CVSS7.2AI score0.07275EPSS

CVE•added 2018/11/06 10:29 p.m.•355 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

9.8CVSS9.7AI score0.88931EPSS

CVE•added 2018/11/28 5:29 p.m.•334 views

CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP ser...

7.5CVSS7.5AI score0.05801EPSS

CVE•added 2018/11/16 6:29 p.m.•292 views

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

8.1CVSS7.3AI score0.03423EPSS

CVE•added 2018/11/13 3:29 p.m.•268 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

9.8CVSS9.5AI score0.01312EPSS

CVE•added 2018/11/26 7:29 p.m.•246 views

CVE-2018-16862

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

5.5CVSS6.4AI score0.00061EPSS

CVE•added 2018/11/02 7:29 a.m.•202 views

CVE-2018-18897

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

6.5CVSS6.6AI score0.002EPSS

CVE•added 2018/11/12 7:29 p.m.•183 views

CVE-2018-19208

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

6.5CVSS6.1AI score0.00406EPSS

CVE•added 2018/11/12 7:29 p.m.•153 views

CVE-2018-19214

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

7.8CVSS6.2AI score0.00223EPSS

CVE•added 2018/11/12 7:29 p.m.•144 views

CVE-2018-19215

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

7.8CVSS6.2AI score0.00223EPSS