Vulnerabilities > Redhat > Enterprise Linux Server AUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12366 Out-of-bounds Read vulnerability in multiple products
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value.
network
low complexity
redhat debian canonical mozilla CWE-125
6.5
2018-10-18 CVE-2018-12365 Information Exposure vulnerability in multiple products
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction.
network
low complexity
redhat debian canonical mozilla CWE-200
6.5
2018-10-17 CVE-2018-3214 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound).
network
low complexity
oracle redhat debian canonical hp
5.3
2018-10-17 CVE-2018-3180 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat debian canonical hp
5.6
2018-10-15 CVE-2018-18073 Information Exposure vulnerability in multiple products
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
local
low complexity
artifex debian canonical redhat CWE-200
6.3
2018-10-04 CVE-2018-11784 Open Redirect vulnerability in multiple products
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
network
low complexity
apache debian canonical netapp redhat oracle CWE-601
4.3
2018-10-03 CVE-2018-17972 Race Condition vulnerability in multiple products
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11.
local
low complexity
linux canonical redhat debian CWE-362
5.5
2018-09-27 CVE-2018-14650 It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user.
local
low complexity
sos-collector-project redhat
5.0
2018-09-05 CVE-2018-16541 Use After Free vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
local
low complexity
artifex canonical debian redhat CWE-416
5.5
2018-09-05 CVE-2018-16539 Information Exposure vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
local
low complexity
artifex canonical debian redhat CWE-200
5.5