Vulnerabilities > Redhat > Enterprise Linux Server TUS

DATE CVE VULNERABILITY TITLE RISK
2018-09-05 CVE-2018-16541 Use After Free vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
local
low complexity
artifex canonical debian redhat CWE-416
5.5
2018-09-05 CVE-2018-16540 Use After Free vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
local
low complexity
artifex redhat debian canonical CWE-416
7.8
2018-09-05 CVE-2018-16539 Information Exposure vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
local
low complexity
artifex canonical debian redhat CWE-200
5.5
2018-09-05 CVE-2018-16511 Incorrect Type Conversion or Cast vulnerability in multiple products
An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
debian artifex canonical redhat CWE-704
7.8
2018-08-28 CVE-2018-15911 Use of Uninitialized Resource vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-08-20 CVE-2015-5160 Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
local
low complexity
libvirt redhat CWE-200
5.5
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
8.8
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-08-01 CVE-2016-9583 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
local
low complexity
redhat jasper-project oracle CWE-125
7.8