Vulnerabilities > Redhat > Enterprise Linux Server EUS > 7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2014-8141 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8140 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8139 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-14 | CVE-2015-3147 | Link Following vulnerability in Redhat products daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | 6.5 |
| 2020-01-14 | CVE-2014-7844 | Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | 7.8 |
| 2019-11-04 | CVE-2017-5333 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 7.8 |
| 2019-11-04 | CVE-2017-5332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 |
| 2019-01-16 | CVE-2018-5733 | Integer Overflow or Wraparound vulnerability in multiple products A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. | 7.5 |
| 2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |
| 2019-01-16 | CVE-2017-3144 | Resource Exhaustion vulnerability in multiple products A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. | 7.5 |