Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11833 5 Canonical, Debian, Fedoraproject and 2 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2023-03-01 2.1 LOW 5.5 MEDIUM
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
CVE-2018-18897 4 Canonical, Debian, Freedesktop and 1 more 10 Ubuntu Linux, Debian Linux, Poppler and 7 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2019-10906 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Leap and 2 more 2023-03-01 5.0 MEDIUM 8.6 HIGH
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2019-1002100 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2023-03-01 4.0 MEDIUM 6.5 MEDIUM
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
CVE-2023-0482 1 Redhat 1 Resteasy 2023-03-01 N/A 5.5 MEDIUM
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
CVE-2017-1002157 1 Redhat 1 Modulemd 2023-02-28 7.5 HIGH 9.8 CRITICAL
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
CVE-2017-1002152 1 Redhat 1 Bodhi 2023-02-28 4.3 MEDIUM 6.1 MEDIUM
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
CVE-2022-46340 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-28 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46341 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2023-02-28 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2019-13313 3 Fedoraproject, Libosinfo, Redhat 6 Fedora, Libosinfo, Enterprise Linux and 3 more 2023-02-28 2.1 LOW 7.8 HIGH
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
CVE-2019-12527 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
CVE-2019-7664 2 Elfutils Project, Redhat 8 Elfutils, Enterprise Linux, Enterprise Linux Desktop and 5 more 2023-02-28 4.3 MEDIUM 5.5 MEDIUM
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7222 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2023-02-28 2.1 LOW 5.5 MEDIUM
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2018-1000876 3 Canonical, Gnu, Redhat 5 Ubuntu Linux, Binutils, Enterprise Linux Desktop and 2 more 2023-02-28 4.6 MEDIUM 7.8 HIGH
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
CVE-2019-14744 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-02-28 5.1 MEDIUM 7.8 HIGH
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
CVE-2018-25012 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2023-02-28 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVE-2019-14439 6 Apache, Debian, Fasterxml and 3 more 18 Drill, Debian Linux, Jackson-databind and 15 more 2023-02-28 5.0 MEDIUM 7.5 HIGH
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVE-2021-3537 6 Debian, Fedoraproject, Netapp and 3 more 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more 2023-02-28 4.3 MEDIUM 5.9 MEDIUM
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
CVE-2019-11041 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2023-02-28 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11042 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2023-02-28 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.