Enterprise Linux Desktop

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-23	CVE-2018-1000140	Out-of-bounds Write vulnerability in multiple products rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. network low complexity rsyslog debian canonical redhat CWE-787 critical	9.8
2018-03-22	CVE-2018-8945	Improper Input Validation vulnerability in multiple products The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. local low complexity gnu redhat CWE-20	5.5
2018-03-22	CVE-2018-8905	Out-of-bounds Write vulnerability in multiple products In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. network low complexity libtiff debian canonical redhat CWE-787	8.8
2018-03-20	CVE-2018-8088	org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. network low complexity qos redhat oracle critical	9.8
2018-03-16	CVE-2018-1068	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. local low complexity linux canonical debian redhat CWE-787	6.7
2018-03-14	CVE-2018-1000122	Out-of-bounds Read vulnerability in multiple products A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage network low complexity debian canonical haxx redhat oracle CWE-125 critical	9.1
2018-03-14	CVE-2018-1000121	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service network low complexity debian canonical haxx redhat oracle CWE-476	7.5
2018-03-14	CVE-2018-1000120	Out-of-bounds Write vulnerability in multiple products A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. network low complexity debian canonical haxx redhat oracle CWE-787 critical	9.8
2018-03-13	CVE-2018-7750	Improper Authentication vulnerability in multiple products transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. network low complexity paramiko redhat debian CWE-287 critical	9.8
2018-03-13	CVE-2018-1050	NULL Pointer Dereference vulnerability in multiple products All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. low complexity canonical samba debian redhat CWE-476	4.3