Enterprise Linux Desktop

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-16	CVE-2018-10119	Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. local low complexity libreoffice debian redhat canonical CWE-416	7.8
2018-04-11	CVE-2018-1100	zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. local low complexity zsh canonical redhat	7.8
2018-04-06	CVE-2018-1000156	Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. local low complexity gnu canonical debian redhat CWE-20	7.8
2018-04-03	CVE-2018-4117	Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple webkitgtk canonical redhat debian CWE-200	6.5
2018-04-03	CVE-2017-7000	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple redhat debian chromium CWE-119	8.8
2018-04-02	CVE-2018-1094	NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. local low complexity linux redhat canonical CWE-476	5.5
2018-03-30	CVE-2018-7566	Race Condition vulnerability in multiple products The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. local low complexity linux suse canonical debian redhat oracle CWE-362	7.8
2018-03-28	CVE-2018-1083	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. local low complexity zsh canonical debian redhat CWE-119	7.8
2018-03-26	CVE-2018-1312	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. network low complexity apache canonical debian netapp redhat CWE-287 critical	9.8
2018-03-25	CVE-2018-8976	Out-of-bounds Read vulnerability in multiple products In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. network low complexity exiv2 debian redhat CWE-125	6.5