Vulnerabilities > Redhat > Enterprise Linux Server AUS > 7.6

DATE CVE VULNERABILITY TITLE RISK
2019-01-11 CVE-2018-16865 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. 7.8
2019-01-11 CVE-2018-16864 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. 7.8
2019-01-11 CVE-2018-16866 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. 3.3
2019-01-11 CVE-2019-6133 Race Condition vulnerability in multiple products
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached.
local
high complexity
polkit-project debian redhat canonical CWE-362
6.7
2018-12-20 CVE-2018-19134 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types.
local
low complexity
artifex debian redhat CWE-704
7.8
2018-12-19 CVE-2018-15127 Out-of-bounds Write vulnerability in multiple products
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
network
low complexity
libvnc-project canonical redhat debian CWE-787
critical
9.8
2018-12-12 CVE-2018-18397 Incorrect Authorization vulnerability in multiple products
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
local
low complexity
linux redhat canonical CWE-863
5.5
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
9.8
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8