Vulnerabilities > Redhat > Enterprise Linux Server EUS > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-27 CVE-2018-15910 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15908 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
local
low complexity
artifex debian canonical redhat
7.8
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
8.8
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-08-01 CVE-2016-9583 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
local
low complexity
redhat jasper-project oracle CWE-125
7.8
2018-08-01 CVE-2016-8654 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size.
local
low complexity
jasper-project redhat debian CWE-119
7.8
2018-08-01 CVE-2016-9573 An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool.
network
low complexity
uclouvain redhat debian
8.1
2018-07-30 CVE-2017-7518 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack.
local
low complexity
redhat debian canonical linux CWE-755
7.8