Vulnerabilities > Redhat > Enterprise Linux Server TUS > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-06 CVE-2018-1000156 Improper Input Validation vulnerability in multiple products
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution.
local
low complexity
gnu canonical debian redhat CWE-20
7.8
2018-03-30 CVE-2018-7566 Race Condition vulnerability in multiple products
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
local
low complexity
linux suse canonical debian redhat oracle CWE-362
7.8
2018-03-12 CVE-2014-8129 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
network
low complexity
libtiff debian redhat apple CWE-787
8.8
2018-03-01 CVE-2018-7550 Out-of-bounds Write vulnerability in multiple products
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
local
low complexity
qemu debian canonical redhat CWE-787
8.8
2018-02-12 CVE-2018-6927 Integer Overflow or Wraparound vulnerability in multiple products
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-02-07 CVE-2018-6574 Code Injection vulnerability in multiple products
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
local
low complexity
golang debian redhat CWE-94
7.8
2018-02-02 CVE-2018-6560 Interpretation Conflict vulnerability in multiple products
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
local
low complexity
flatpak redhat CWE-436
8.8
2018-01-31 CVE-2018-1000001 Out-of-bounds Write vulnerability in multiple products
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
local
low complexity
gnu canonical redhat CWE-787
7.8
2018-01-25 CVE-2018-5748 Resource Exhaustion vulnerability in multiple products
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
network
low complexity
redhat debian CWE-400
7.5
2018-01-18 CVE-2018-2637 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). 7.4