Total
691 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8171 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | |||||
| CVE-2017-5466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2018-3665 | 6 Canonical, Citrix, Debian and 3 more | 14 Ubuntu Linux, Xenserver, Debian Linux and 11 more | 2023-12-10 | 4.7 MEDIUM | 5.6 MEDIUM |
| System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | |||||
| CVE-2016-8612 | 3 Apache, Netapp, Redhat | 3 Http Server, Storage Automation Store, Enterprise Linux | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
| Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | |||||
| CVE-2017-7791 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
| setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | |||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | |||||
| CVE-2018-1067 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Undertow and 1 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. | |||||
| CVE-2018-1283 | 5 Apache, Canonical, Debian and 2 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
| In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | |||||
| CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2023-12-10 | 3.3 LOW | 4.4 MEDIUM |
| Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | |||||
| CVE-2018-1079 | 2 Clusterlabs, Redhat | 2 Pacemaker Command Line Interface, Enterprise Linux | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process. | |||||
| CVE-2018-1073 | 2 Ovirt, Redhat | 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. | |||||
| CVE-2018-1304 | 5 Apache, Canonical, Debian and 2 more | 11 Tomcat, Ubuntu Linux, Debian Linux and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. | |||||
| CVE-2017-5405 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2017-5383 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
| CVE-2018-3639 | 12 Arm, Canonical, Debian and 9 more | 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | |||||
| CVE-2018-5117 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | |||||
| CVE-2017-5451 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 6 Docker, Moby, Leap and 3 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | |||||
| CVE-2018-11053 | 4 Citrix, Dell, Redhat and 1 more | 4 Xenserver, Emc Idrac Service Module, Enterprise Linux and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. | |||||