Vulnerabilities > Redhat > Enterprise Linux Server EUS > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12387 Improper Input Validation vulnerability in multiple products
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
9.1
2018-10-18 CVE-2018-5156 Improper Input Validation vulnerability in multiple products
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
9.8
2018-10-18 CVE-2018-5188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8.
network
low complexity
debian canonical mozilla redhat CWE-119
critical
9.8
2018-10-17 CVE-2018-3183 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting).
network
high complexity
oracle redhat debian canonical hp
critical
9.0
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-15101 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4.
network
low complexity
liblouis redhat CWE-119
critical
9.8
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-27 CVE-2017-2640 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content.
network
low complexity
pidgin redhat debian CWE-787
critical
9.8
2018-07-17 CVE-2018-14354 OS Command Injection vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt canonical debian redhat CWE-78
critical
9.8