Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Server Eus
Subscriptions
Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 6.3 Medium |
| Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||||
| CVE-2018-17972 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-11-21 | N/A |
| An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. | ||||
| CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | ||||
| CVE-2018-17466 | 4 Canonical, Debian, Google and 1 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2024-11-21 | N/A |
| Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2018-17456 | 4 Canonical, Debian, Git-scm and 1 more | 12 Ubuntu Linux, Debian Linux, Git and 9 more | 2024-11-21 | N/A |
| Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | ||||
| CVE-2018-17183 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | ||||
| CVE-2018-16871 | 3 Linux, Netapp, Redhat | 31 Linux Kernel, Cloud Backup, H300e and 28 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | ||||
| CVE-2018-16865 | 5 Canonical, Debian, Oracle and 2 more | 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more | 2024-11-21 | 7.8 High |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. | ||||
| CVE-2018-16864 | 5 Canonical, Debian, Oracle and 2 more | 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more | 2024-11-21 | 7.8 High |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. | ||||
| CVE-2018-16863 | 2 Artifex, Redhat | 8 Ghostscript, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | ||||
| CVE-2018-16802 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. | ||||
| CVE-2018-16542 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | ||||
| CVE-2018-16541 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. | ||||
| CVE-2018-16540 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | ||||
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | ||||
| CVE-2018-16511 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | ||||
| CVE-2018-16509 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. | ||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more | 2024-11-21 | N/A |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | ||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 10 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 7 more | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | ||||
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more | 2024-11-21 | N/A |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | ||||