NotCVE - vendor:"Redhat" product:"Linux" version:"6.0"

Page 43 of 2135 results (0.009 seconds)

CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-17472 – Gentoo Linux Security Advisory 201811-10

https://notcve.org/view.php?id=CVE-2018-17472

14 Nov 2018 — Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remo... • http://www.securityfocus.com/bid/105666 • CWE-20: Improper Input Validation • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #f39c09; margin-bottom: 5px;'>CVSS: 5.4</span><span class='corner-second_right_word' style='color: #006621; margin-bottom: 5px;'>EPSS: 0%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 8</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14655" target="_blank">CVE-2018-14655 – keycloak: XSS-Vulnerability with response_mode=form_post</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14655</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">13 Nov 2018 — </span>A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. Se ha descubierto un error en Keycloak 3.4.3.Final, 4.0.0.Beta2 y 4.3.0.Final. Al emplear "response_mode=form_post", es posible inyectar código JavaScript arbitrario mediante el parámetro "state" en la URL de autenticación.  • https://access.redhat.com/errata/RHSA-2018:3592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 8.1</span><span class='corner-second_right_word' style='color: #006621; margin-bottom: 5px;'>EPSS: 0%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 7</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14657" target="_blank">CVE-2018-14657 – keycloak: brute force protection not working for the entire login workflow</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14657</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">13 Nov 2018 — </span>A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. Se ha descubierto un error en Keycloak 4.2.1.Final y 4.3.0.Final. Cuando TOPT está habilitado, la implementación incorrecta del algoritmo de detección de fuerza bruta no aplica sus medidas de protección. Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-b... • https://access.redhat.com/errata/RHSA-2018:3592 • CWE-307: Improper Restriction of Excessive Authentication Attempts • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 7.8</span><span class='corner-second_right_word' style='color: #006621; margin-bottom: 5px;'>EPSS: 0%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 4</span><span class='corner-fourth_right_word' style='color: #972b20; margin-bottom: 5px;'>EXPL: 1</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-19215" target="_blank">CVE-2018-19215</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-19215</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">12 Nov 2018 — </span>Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. Netwide Assembler (NASM) 2.14rc16 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para los casos especiales de los caracteres % y $. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html • CWE-125: Out-of-bounds Read • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 7.8</span><span class='corner-second_right_word' style='color: #006621; margin-bottom: 5px;'>EPSS: 0%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 4</span><span class='corner-fourth_right_word' style='color: #972b20; margin-bottom: 5px;'>EXPL: 1</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-19214" target="_blank">CVE-2018-19214</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-19214</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">12 Nov 2018 — </span>Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para las entradas insuficientes. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html • CWE-125: Out-of-bounds Read • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #972b20; margin-bottom: 5px;'>CVSS: 9.8</span><span class='corner-second_right_word' style='color: #972b20; margin-bottom: 5px;'>EPSS: 88%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 3</span><span class='corner-fourth_right_word' style='color: #972b20; margin-bottom: 5px;'>EXPL: 8</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14667" target="_blank">CVE-2018-14667 – Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14667</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">06 Nov 2018 — </span>The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. RichFaces Framework en versiones 3.X hasta la 3.3.4 es vulnerable a una inyección Expression Language (EL) mediante el recurso UserResource. Un atacante no autenticado remoto podría explotar esto para ejecutar código a... • https://packetstorm.news/files/id/150412 • CWE-94: Improper Control of Generation of Code ('Code Injection') • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 8.1</span><span class='corner-second_right_word' style='color: #0073c0e3; margin-bottom: 5px;'>EPSS: 3%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 16</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-16396" target="_blank">CVE-2018-16396 – ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-16396</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">03 Nov 2018 — </span>An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. Se ha descubierto un problema en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. No contamina las cadenas que resultan de desempaquetar cadenas contaminadas con algunos formatos. It wa... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-20: Improper Input Validation • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #f39c09; margin-bottom: 5px;'>CVSS: 6.5</span><span class='corner-second_right_word' style='color: #0073c0e3; margin-bottom: 5px;'>EPSS: 3%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 8</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14652" target="_blank">CVE-2018-14652 – glusterfs: Buffer overflow in "features/locks" translator allows for denial of service</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14652</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">31 Oct 2018 — </span>The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un desbordamiento de búfer en el traductor "features/index" mediante el código que maneja el xattr "GF_XATTR_CLRLK_CMD" e... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 8.5</span><span class='corner-second_right_word' style='color: #0073c0e3; margin-bottom: 5px;'>EPSS: 2%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 8</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14654" target="_blank">CVE-2018-14654 – glusterfs: "features/index" translator can create arbitrary, empty files</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14654</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">31 Oct 2018 — </span>The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. El sistema de archivos Gluster hasta la versión 4.1.4 es vulnerable al abuso del traductor "features/index". Un atacante remoto con acceso a los volúmenes de montaje podría explotar esta vulnerabilidad mediante el xaatrop "GF_XATTROP_ENTRY_IN_K... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • </div></div><div class="panel panel-default" style="margin: 0px 10px 30px;"><img src="/assets/img/cve_300x82_sin_bg.png" alt="" class="corner-imageCVE"><span class='corner-first_right_word' style='color: #dd4b40; margin-bottom: 5px;'>CVSS: 8.8</span><span class='corner-second_right_word' style='color: #006621; margin-bottom: 5px;'>EPSS: 0%</span><span class='corner-third_right_word' style='color: #2b2b2b; margin-bottom: 5px;'>CPEs: 7</span><span class='corner-fourth_right_word' style='color: gray; margin-bottom: 5px;'>EXPL: 0</span><div class="panel-body" style="background-color: #f8f8f8; padding: 17px 62px 10px 10px; border-radius: 10px; margin-right: 20px; width: 98%;box-shadow: 0px 0px 5px rgba(202, 160, 78, 0.6); font-weight: normal;"><h2 class="result-link"><a style="color: blue; padding-right: 20px;" href="view.php?id=CVE-2018-14653" target="_blank">CVE-2018-14653 – glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message</a></h2><p class="green-link">https://notcve.org/view.php?id=CVE-2018-14653</p> <span class="down-arrow"></span> <p style="margin-bottom: 0px; margin-top: 0px; margin-right: 20px; font-family: Arial, sans-serif; font-weight: 400; color: rgb(51, 51, 51); line-height: 1.58;"><span style="color: rgb(77, 81, 86);">31 Oct 2018 — </span>The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) en la función "__server_getspec" mediante el mensaje RPC "gf_getspec_req". Un... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write • </div></div> </div> </div> </section> <div class="pagination"> <a href='search.php?page=1&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'>1</a><span class='page-link-disabled'>...</span><a href='search.php?page=41&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'>41</a><a href='search.php?page=42&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'>42</a><a href='search.php?page=43&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link active'>43</a><a href='search.php?page=44&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'>44</a><a href='search.php?page=45&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'>45</a><a href='search.php?page=44&query=vendor%3A%22Redhat%22+product%3A%22Linux%22+version%3A%226.0%22' class='page-link'><i class='fas fa-chevron-right'></i></a> </div> </div> </main> <br> <br> <br> <br> <br>  <footer id="footer"> <div class="container"> <div class="row d-flex align-items-center"> <div class="col-lg-4"> <div class="footer-links text-lg-right text-center pt-4 pt-lg-0"> <a href="https://www.linkedin.com/company/notcve/" target="_blank"><i class="bi bi-linkedin"></i> LinkedIn</a> <a href="https://twitter.com/notCVE" target="_blank"><i class="bi bi-twitter"></i> Official</a> <a href="https://twitter.com/notCVEannounce" target="_blank"><i class="bi bi-twitter"></i> Announce</a> </div> </div> <div class="col-lg-4 text-center"> <div class="row align-items-center"> <div class="col-12 text-center"> Partners </div> <div class="col-12 text-center logo-container"> <a href="https://www.cyberintel.es" target="_blank"><img src="/assets/img/logo_cyber_test.svg" alt="Cyber Intelligence S.L."></a> </div> </div> </div> <div class="col-lg-4"> <nav class="footer-links text-lg-right text-center pt-2 pt-lg-0"> <a href="/faq.html">FAQ</a> <a href="/legal.html">Legal</a> <a href="/contact.html">Contact</a> </nav> </div> </div> </div> </footer> <a href="#" class="back-to-top d-flex align-items-center justify-content-center"><i class="bi bi-arrow-up-short"></i></a> <script src="/assets/js/main.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>  <script src="/admin/js/sb-admin-2.min.js"></script>   <script src="/admin/vendor/datatables/jquery.dataTables.min.js"></script> <script src="/admin/vendor/datatables/dataTables.bootstrap4.min.js"></script>  <script src="/admin/js/demo/datatables-demo.js"></script> </body> </html>