Vulnerabilities > Redhat > Enterprise Linux Server AUS > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2016-9577 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling.
network
low complexity
spice-project redhat debian CWE-119
8.8
2018-07-27 CVE-2017-2634 It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions.
network
low complexity
linux redhat
7.5
2018-07-27 CVE-2017-2590 Permission Issues vulnerability in multiple products
A vulnerability was found in ipa before 4.4.
network
low complexity
freeipa redhat CWE-275
8.1
2018-07-27 CVE-2017-12173 Improper Input Validation vulnerability in multiple products
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection.
network
low complexity
redhat fedoraproject CWE-20
8.8
2018-07-27 CVE-2017-12151 Cryptographic Issues vulnerability in multiple products
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3.
network
high complexity
samba redhat debian hp CWE-310
7.4
2018-07-26 CVE-2018-10901 A flaw was found in Linux kernel's KVM virtualization subsystem.
local
low complexity
linux redhat
7.8
2018-07-06 CVE-2018-13405 Improper Privilege Management vulnerability in multiple products
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.
7.8
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
2018-06-11 CVE-2018-5184 Inadequate Encryption Strength vulnerability in multiple products
Using remote content in encrypted messages can lead to the disclosure of plaintext.
network
low complexity
debian mozilla canonical redhat CWE-326
7.5
2018-06-11 CVE-2018-5178 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data.
network
high complexity
debian mozilla canonical redhat CWE-119
8.1