Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

10 matches found

CVE•added 2018/09/25 9:29 p.m.•1479 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

5.9CVSS5.6AI score0.16048EPSS

CVE•added 2018/09/05 7:29 p.m.•499 views

CVE-2018-14618

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequ...

10CVSS9.9AI score0.00617EPSS

CVE•added 2018/09/04 4:29 p.m.•271 views

CVE-2018-10930

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

6.5CVSS7AI score0.00776EPSS

CVE•added 2018/09/04 3:29 p.m.•255 views

CVE-2018-10926

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

8.8CVSS8.6AI score0.01028EPSS

CVE•added 2018/09/04 3:29 p.m.•241 views

CVE-2018-10928

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...

8.8CVSS8.6AI score0.01101EPSS

CVE•added 2018/09/10 4:29 p.m.•229 views

CVE-2016-7056

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

5.5CVSS5.7AI score0.00122EPSS

CVE•added 2018/09/05 6:29 p.m.•228 views

CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

7.8CVSS7.1AI score0.00283EPSS

CVE•added 2018/09/21 1:29 p.m.•195 views

CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

7.5CVSS7.1AI score0.00149EPSS

CVE•added 2018/09/05 6:29 p.m.•129 views

CVE-2018-16542

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

5.5CVSS6AI score0.00423EPSS

CVE•added 2018/09/28 1:29 p.m.•83 views

CVE-2018-14648

A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

7.8CVSS7.1AI score0.1052EPSS