Vulnerabilities > Redhat > Enterprise Linux Server EUS > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
critical
9.8
2018-06-11 CVE-2018-5183 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers backported selected changes in the Skia library.
network
low complexity
redhat debian canonical mozilla CWE-119
critical
9.8
2018-04-24 CVE-2017-2885 Out-of-bounds Write vulnerability in multiple products
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58.
network
low complexity
gnome debian redhat CWE-787
critical
9.8
2018-04-23 CVE-2017-17833 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
network
low complexity
openslp debian canonical redhat lenovo CWE-119
critical
9.8
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
critical
9.8
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
critical
9.8
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
9.8
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
critical
9.8