Vulnerabilities > Redhat > Enterprise Linux Server TUS > 6.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2014-8141 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8140 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8139 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-14 | CVE-2014-7844 | Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | 7.8 |
| 2019-04-09 | CVE-2017-3139 | Reachable Assertion vulnerability in Redhat products A denial of service flaw was found in the way BIND handled DNSSEC validation. | 7.5 |
| 2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |
| 2019-01-16 | CVE-2017-3137 | Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. | 7.5 |
| 2018-10-08 | CVE-2018-1000805 | Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. | 8.8 |
| 2018-09-25 | CVE-2018-14634 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. | 7.8 |
| 2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. | 7.5 |