Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 4189 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3518 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2021-07-23 6.8 MEDIUM 8.8 HIGH
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVE-2018-25011 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 7.5 HIGH 9.8 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2018-25014 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 7.5 HIGH 9.8 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36330 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25010 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36328 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 7.5 HIGH 9.8 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36329 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 7.5 HIGH 9.8 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36331 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2021-07-23 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2019-11041 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2021-07-22 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-8331 3 F5, Getbootstrap, Redhat 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 12 more 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-11042 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2021-07-22 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2021-3612 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2021-07-21 7.2 HIGH 7.8 HIGH
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2018-8088 3 Oracle, Qos, Redhat 14 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 11 more 2021-07-21 7.5 HIGH 9.8 CRITICAL
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
CVE-2019-5773 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
CVE-2019-5782 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2020-10779 1 Redhat 1 Cloudforms 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
CVE-2019-5781 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5775 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2020-0603 2 Microsoft, Redhat 3 Asp.net Core, Enterprise Linux, Enterprise Linux Eus 2021-07-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
CVE-2020-8991 1 Redhat 1 Lvm2 2021-07-21 2.1 LOW 2.3 LOW
** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug.