Vulnerabilities > Redhat > Enterprise Linux Server TUS > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
critical
 9.8
9.8
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
network
low complexity
qos redhat oracle
critical
 9.8
9.8
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
critical
 9.8
9.8
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
 9.8
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
 9.8
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
 9.8
9.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
 9.8
9.8
2017-10-19 CVE-2017-10285 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
 9.6
9.6
2017-10-19 CVE-2017-10346 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
network
low complexity
oracle redhat netapp debian
critical
 9.6
9.6
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8