Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5131 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2019-03-08 4.3 MEDIUM 5.9 MEDIUM
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVE-2018-5750 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2019-03-07 2.1 LOW 5.5 MEDIUM
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2018-4945 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5001 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5000 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-16541 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-16539 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
CVE-2018-6927 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2019-03-06 4.6 MEDIUM 7.8 HIGH
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2018-10119 4 Canonical, Debian, Libreoffice and 1 more 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more 2019-03-05 6.8 MEDIUM 7.8 HIGH
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
CVE-2018-15727 2 Grafana, Redhat 2 Grafana, Ceph Storage 2019-03-05 7.5 HIGH 9.8 CRITICAL
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVE-2018-17466 4 Canonical, Debian, Google and 1 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2019-03-05 6.8 MEDIUM 8.8 HIGH
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-7549 3 Canonical, Redhat, Zsh 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-03-04 5.0 MEDIUM 7.5 HIGH
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2018-6099 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 4.3 MEDIUM 6.5 MEDIUM
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
CVE-2018-6086 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 6.8 MEDIUM 8.8 HIGH
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-6089 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 4.3 MEDIUM 6.5 MEDIUM
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
CVE-2018-6090 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 6.8 MEDIUM 8.8 HIGH
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-6085 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 6.8 MEDIUM 8.8 HIGH
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-6101 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 5.1 MEDIUM 7.5 HIGH
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
CVE-2018-6088 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 6.8 MEDIUM 8.8 HIGH
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVE-2018-6095 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2019-03-01 4.3 MEDIUM 6.5 MEDIUM
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.