Vulnerabilities > Redhat > Enterprise Linux Server TUS

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
8.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
 9.8
9.8
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8
7.8
2018-12-03 CVE-2018-16863 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.
local
low complexity
artifex redhat
7.8
7.8
2018-11-29 CVE-2018-8787 Integer Overflow or Wraparound vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian redhat CWE-190
critical
 9.8
9.8
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8
2018-11-28 CVE-2018-12121 Resource Exhaustion vulnerability in multiple products
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure.
network
low complexity
nodejs redhat CWE-400
7.5
7.5
2018-11-26 CVE-2018-14646 NULL Pointer Dereference vulnerability in multiple products
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file.
local
low complexity
linux redhat CWE-476
5.5
5.5
2018-11-23 CVE-2018-19477 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
7.8
2018-11-23 CVE-2018-19476 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
7.8