Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-16 | CVE-2018-1068 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. | 6.7 |
| 2018-03-12 | CVE-2016-9600 | NULL Pointer Dereference vulnerability in multiple products JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. | 4.3 |
| 2018-03-12 | CVE-2014-8130 | Divide By Zero vulnerability in multiple products The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. | 4.3 |
| 2018-03-09 | CVE-2016-9591 | Use After Free vulnerability in multiple products JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | 4.3 |
| 2018-02-16 | CVE-2018-1049 | Race Condition vulnerability in multiple products In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. | 4.3 |
| 2018-02-12 | CVE-2018-6927 | Integer Overflow or Wraparound vulnerability in Linux Kernel The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | 4.6 |
| 2018-02-09 | CVE-2018-6871 | LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | 5.0 |
| 2018-02-02 | CVE-2018-6560 | Interpretation Conflict vulnerability in multiple products In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | 4.6 |
| 2018-01-25 | CVE-2018-5748 | Resource Exhaustion vulnerability in multiple products qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 5.0 |
| 2018-01-24 | CVE-2018-1000007 | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. | 5.0 |