Vulnerabilities > Redhat > Enterprise Linux Server AUS

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-3813 Off-by-one Error vulnerability in multiple products
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.
7.5
2019-02-03 CVE-2019-7310 Incorrect Conversion between Numeric Types vulnerability in multiple products
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
7.8
2019-01-31 CVE-2019-6111 Path Traversal vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
5.9
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2019-01-29 CVE-2019-7150 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in elfutils 0.175.
5.5
2019-01-28 CVE-2019-3815 A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
local
low complexity
redhat debian
3.3
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5733 Integer Overflow or Wraparound vulnerability in multiple products
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.
network
low complexity
isc redhat canonical debian CWE-190
7.5
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5
2019-01-16 CVE-2017-3144 Resource Exhaustion vulnerability in multiple products
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server.
network
low complexity
isc redhat canonical debian CWE-400
7.5