Vulnerabilities > Redhat > Enterprise Linux Server EUS > 7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2014-8141 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8140 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8139 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-14 | CVE-2015-3147 | Link Following vulnerability in Redhat products daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | 6.5 |
| 2020-01-14 | CVE-2014-7844 | Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | 7.8 |
| 2019-01-16 | CVE-2017-3137 | Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. | 5.0 |
| 2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |
| 2018-06-11 | CVE-2018-5144 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. | 7.5 |
| 2018-06-11 | CVE-2017-7818 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. | 7.5 |
| 2018-06-11 | CVE-2017-7758 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. | 6.4 |