Vulnerabilities > Redhat > Enterprise Linux Server EUS > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12395 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5
2019-02-28 CVE-2018-12389 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
8.8
2019-02-15 CVE-2019-6974 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
network
high complexity
linux debian canonical f5 redhat CWE-416
8.1
2019-02-12 CVE-2019-8308 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
local
low complexity
flatpak debian redhat CWE-668
8.2
2019-02-04 CVE-2019-3813 Off-by-one Error vulnerability in multiple products
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.
7.5
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5733 Integer Overflow or Wraparound vulnerability in multiple products
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.
network
low complexity
isc redhat canonical debian CWE-190
7.5
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5
2019-01-16 CVE-2017-3144 Resource Exhaustion vulnerability in multiple products
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server.
network
low complexity
isc redhat canonical debian CWE-400
7.5