Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12825 6 Adobe, Apple, Google and 3 more 10 Flash Player, Mac Os X, Chrome Os and 7 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
CVE-2018-12828 6 Adobe, Apple, Google and 3 more 10 Flash Player, Mac Os X, Chrome Os and 7 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-13033 2 Gnu, Redhat 5 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
CVE-2018-1304 5 Apache, Canonical, Debian and 2 more 11 Tomcat, Ubuntu Linux, Debian Linux and 8 more 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
CVE-2018-14627 1 Redhat 1 Wildfly 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
CVE-2018-15908 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-02 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
CVE-2018-15967 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-10-02 5.0 MEDIUM 7.5 HIGH
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-16081 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-02 4.3 MEDIUM 7.4 HIGH
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.
CVE-2018-16395 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16396 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2019-10-02 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16509 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 5 more 2019-10-02 9.3 HIGH 7.8 HIGH
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVE-2018-16837 3 Debian, Redhat, Suse 5 Debian Linux, Ansible Engine, Ansible Tower and 2 more 2019-10-02 2.1 LOW 7.8 HIGH
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
CVE-2018-16802 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-10-02 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
CVE-2018-17472 4 Apple, Debian, Google and 1 more 6 Iphone Os, Debian Linux, Chrome and 3 more 2019-10-02 6.8 MEDIUM 9.6 CRITICAL
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
CVE-2018-17961 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-10-02 6.8 MEDIUM 8.6 HIGH
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CVE-2018-18345 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
CVE-2018-18349 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
CVE-2018-18350 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2018-18352 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
CVE-2018-18353 3 Debian, Google, Redhat 6 Debian Linux, Android, Chrome and 3 more 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.