Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-10 | CVE-2018-1000864 | Infinite Loop vulnerability in multiple products A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | 6.5 |
| 2018-12-10 | CVE-2018-1000863 | Path Traversal vulnerability in multiple products A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. | 8.2 |
| 2018-12-10 | CVE-2018-1000862 | Information Exposure vulnerability in multiple products An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser. | 4.3 |
| 2018-12-10 | CVE-2018-1000861 | Deserialization of Untrusted Data vulnerability in multiple products A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. | 9.8 |
| 2018-12-07 | CVE-2018-5806 | NULL Pointer Dereference vulnerability in multiple products An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | 6.5 |
| 2018-12-07 | CVE-2018-5805 | Out-of-bounds Write vulnerability in multiple products A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | 8.8 |
| 2018-12-07 | CVE-2018-5802 | Out-of-bounds Read vulnerability in multiple products An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 8.8 |
| 2018-12-07 | CVE-2018-5801 | NULL Pointer Dereference vulnerability in multiple products An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | 6.5 |
| 2018-12-07 | CVE-2018-5800 | Off-by-one Error vulnerability in multiple products An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | 6.5 |
| 2018-12-07 | CVE-2018-18314 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | 9.8 |